Mount RO for timer_stats and latency_stats in proc

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This commit is contained in:
Michael Crosby 2015-04-20 13:54:49 -07:00 коммит произвёл Jessica Frazelle
Родитель 42c8c1b0b8
Коммит 27ae108b4e
2 изменённых файлов: 20 добавлений и 0 удалений

Просмотреть файл

@ -88,8 +88,10 @@ func New() *configs.Config {
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/latency_stats",
"/proc/sys",
"/proc/sysrq-trigger",
"/proc/timer_stats",
},
}

Просмотреть файл

@ -3077,3 +3077,21 @@ func TestRunWriteToProcAsound(t *testing.T) {
}
logDone("run - ro write to /proc/asound")
}
func TestRunWriteToProcTimer(t *testing.T) {
defer deleteAllContainers()
code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/timer_stats"))
if err == nil || code == 0 {
t.Fatal("standard container should not be able to write to /proc/timer_stats")
}
logDone("run - ro write to /proc/timer_stats")
}
func TestRunWriteToProcLatency(t *testing.T) {
defer deleteAllContainers()
code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/latency_stats"))
if err == nil || code == 0 {
t.Fatal("standard container should not be able to write to /proc/latency_stats")
}
logDone("run - ro write to /proc/latency_stats")
}