busybox: mount sys:ro

author Christian Brauner <christian.brauner@ubuntu.com>

Tue, 17 Aug 2021 09:07:38 +0000 (11:07 +0200)

committer Christian Brauner <christian.brauner@ubuntu.com>

Tue, 17 Aug 2021 11:49:56 +0000 (13:49 +0200)
author Christian Brauner <christian.brauner@ubuntu.com>
Tue, 17 Aug 2021 09:07:38 +0000 (11:07 +0200)
committer Christian Brauner <christian.brauner@ubuntu.com>
Tue, 17 Aug 2021 11:49:56 +0000 (13:49 +0200)
diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in

index 266be60cc5bdd45606d905425da15e52bf25c97c..3306b5e6347c80adcafcd5cf1e86c959cf22774a 100644 (file)
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -234,7 +234,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
  # When using LXC with apparmor, uncomment the next line to run unconfined:
  #lxc.apparmor.profile = unconfined
  
-lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+lxc.mount.auto = cgroup:mixed proc:mixed sys:ro
  lxc.mount.entry = shm dev/shm tmpfs defaults,create=dir 0 0
  lxc.mount.entry = mqueue dev/mqueue mqueue defaults,optional,create=dir 0 0
  EOF
author	Christian Brauner <christian.brauner@ubuntu.com>
	Tue, 17 Aug 2021 09:07:38 +0000 (11:07 +0200)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Tue, 17 Aug 2021 11:49:56 +0000 (13:49 +0200)