aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2025-12-18 06:44:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

runtime: virtcontainers: make rootfs image read-only

Browse Source 
Improve security by making rootfs image read-only, nobody
will be able to modify it from the guest.

fixes #1916

Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit is contained in:
Julio Montes
2021-07-22 09:57:23 -05:00
parent 070590fb53
commit 2859600a6f
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/runtime/virtcontainers/qemu_arch_base.go
View File

@@ -406,6 +406,7 @@ func (q *qemuArchBase) appendNvdimmImage(devices []govmmQemu.Device, path string
ID: "mem0",
MemPath: path,
Size: (uint64)(imageStat.Size()),
ReadOnly: true,
}
devices = append(devices, object)