Merge pull request #10093 from crosbymichael/readonly-containers

Add --read-only for read only container rootfs
Upstream-commit: 95c0f07966035ce79c6b51a2eee8c60c59fb523c
Component: engine
Alexander Morozov
2015-01-14 15:56:51 -08:00
11 changed files with 62 additions and 1 deletions


@ -125,7 +125,8 @@ type ProcessConfig struct {
// Process wrapps an os/exec.Cmd to add more metadata
type Command struct {
ID string `json:"id"`
Rootfs string `json:"rootfs"` // root fs of the container
Rootfs string `json:"rootfs"` // root fs of the container
ReadonlyRootfs bool `json:"readonly_rootfs"`
InitPath string `json:"initpath"` // dockerinit
WorkingDir string `json:"working_dir"`
ConfigPath string `json:"config_path"` // this should be able to be removed when the lxc template is moved into the driver
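Review bot: The new `ReadonlyRootfs` field in `Command` carries no comment, unlike the `Rootfs`, `InitPath` and `ConfigPath` fields around it. Since it controls a hardening setting, I would document it, for example `ReadonlyRootfs bool `json:"readonly_rootfs"` // mount the container's rootfs read-only; false keeps it writable`. It is also worth stating that the zero value is the writable default, so a serialized Command without the `readonly_rootfs` key should decode to the previous behaviour. The struct body continues past the end of the hunk.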


@ -31,6 +31,7 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Config, e
container.Cgroups.AllowedDevices = c.AllowedDevices
container.MountConfig.DeviceNodes = c.AutoCreatedDevices
container.RootFs = c.Rootfs
container.MountConfig.ReadonlyFs = c.ReadonlyRootfs
// check to see if we are running in ramdisk to disable pivot root
container.MountConfig.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
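Review bot: `container.MountConfig.ReadonlyFs = c.ReadonlyRootfs` is the only point in this hunk where the flag reaches a driver configuration, and nothing visible here checks that the rootfs really ends up read-only. If other exec drivers build their configuration separately, each needs the same propagation or an explicit error. Otherwise a container started with `--read-only` could silently run with a writable rootfs, which is the fail-open case to avoid for a hardening option. An integration test that attempts a write inside a `--read-only` container and expects failure would pin this down, and a short comment such as `// rootfs is mounted read-only when --read-only is set` would mark the line. The body of createContainer starts and ends outside the hunk.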