From 27ae108b4eda48a621afc5bf2157ef11c314a858 Mon Sep 17 00:00:00 2001
From: Michael Crosby
Date: Mon, 20 Apr 2015 13:54:49 -0700
Subject: [PATCH] Mount RO for timer_stats and latency_stats in proc

Signed-off-by: Michael Crosby
---
 .../native/template/default_template.go | 2 ++
 integration-cli/docker_cli_run_test.go | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/daemon/execdriver/native/template/default_template.go b/daemon/execdriver/native/template/default_template.go
index 5e48e623ef..e14be6aee5 100644
--- a/daemon/execdriver/native/template/default_template.go
+++ b/daemon/execdriver/native/template/default_template.go
@@ -88,8 +88,10 @@ func New() *configs.Config {
 "/proc/bus",
 "/proc/fs",
 "/proc/irq",
+ "/proc/latency_stats",
 "/proc/sys",
 "/proc/sysrq-trigger",
+ "/proc/timer_stats",
 },
 }

diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go
index 3e01fb1a29..d94ebe7851 100644
--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@@ -3077,3 +3077,21 @@ func TestRunWriteToProcAsound(t *testing.T) {
 }
 logDone("run - ro write to /proc/asound")
 }
+
+func TestRunWriteToProcTimer(t *testing.T) {
+ defer deleteAllContainers()
+ code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/timer_stats"))
+ if err == nil || code == 0 {
+ t.Fatal("standard container should not be able to write to /proc/timer_stats")
+ }
+ logDone("run - ro write to /proc/timer_stats")
+}
+
+func TestRunWriteToProcLatency(t *testing.T) {
+ defer deleteAllContainers()
+ code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/latency_stats"))
+ if err == nil || code == 0 {
+ t.Fatal("standard container should not be able to write to /proc/latency_stats")
+ }
+ logDone("run - ro write to /proc/latency_stats")
+}
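Review bot: A read-only remount of `/proc/latency_stats` and `/proc/timer_stats` blocks writes but leaves both files readable, and both report host-wide kernel data (timer_stats lists the processes that arm timers), so a container can still read information about host activity after this change. If the config offers a way to hide a path entirely rather than remount it read-only, these two entries look like candidates for that list; worth confirming first whether any workload legitimately reads them. The list also gives no reason for its entries, so a comment above the two additions such as `// host-global: a write starts, stops or resets collection for the whole kernel` would tell the next maintainer why they are here. New() begins before this hunk and continues after it.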
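Review bot: The check `err == nil || code == 0` in TestRunWriteToProcTimer (and identically in TestRunWriteToProcLatency) accepts any non-zero exit, so the test also passes when the write fails for a reason unrelated to the read-only mount, such as a failed image pull or, presumably, a kernel built without these statistics files, where the path does not exist. Capturing the output and asserting on the error text would pin the behaviour under test, e.g. `out, err := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/timer_stats").CombinedOutput()` followed by `if err == nil || !strings.Contains(string(out), "Read-only file system") {` (assuming `strings` is already imported in this file). The two functions differ only in the path, so one loop over both paths would keep them from drifting apart.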