/proc/sys read-only #741

Closed
ovanes opened this issue Apr 11, 2016 · 3 comments

@ovanes

ovanes commented Apr 11, 2016

Currently, running a privileged container allows values in the /proc/sys file system to be modified. As it turns out, runC prohibits it and, finally, if Docker completely moves to runC, some deployments will break.

Can /proc/sys still be made writable?

@AkihiroSuda
Member

Corresponding docker issue moby/moby#21649

@cyphar
Member

cyphar commented Apr 12, 2016

I'm confused, wasn't this fixed in #716? You can change the ReadonlyPaths list of paths so that it doesn't include /proc/sys. What's left is for Docker (and maybe containerd) to correctly set the OCI config.

@crosbymichael crosbymichael modified the milestone: 1.0.0 May 25, 2016
@crosbymichael
Member

This has been resolved in both runc and docker. Thanks for the issue.

stefanberger pushed a commit to stefanberger/runc that referenced this issue Sep 8, 2017
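
An added example, not part of the original thread and not runc's or Docker's own code: a small Go audit helper that reports whether an OCI `config.json` still keeps `/proc/sys` read-only through `linux.readonlyPaths`, the list cyphar's comment refers to. The helper names and the sample configs are constructed for illustration, and it assumes a listed entry also protects everything beneath it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// ociConfig models only the part of an OCI runtime config.json used here.
type ociConfig struct {
	Linux struct {
		ReadonlyPaths []string `json:"readonlyPaths"`
	} `json:"linux"`
}

// coveringEntry returns the readonlyPaths entry that makes target read-only
// (the entry itself or a parent directory, by assumption), or "" if none does.
func coveringEntry(readonly []string, target string) string {
	target = path.Clean(target)
	for _, p := range readonly {
		c := path.Clean(p)
		// Match whole path components: /proc/sys must not match /proc/sysrq-trigger.
		if target == c || c == "/" || strings.HasPrefix(target, c+"/") {
			return p
		}
	}
	return ""
}

// auditConfig parses config.json bytes and reports which entry, if any,
// keeps target read-only inside the container.
func auditConfig(raw []byte, target string) (string, error) {
	var cfg ociConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return "", fmt.Errorf("parse config.json: %w", err)
	}
	return coveringEntry(cfg.Linux.ReadonlyPaths, target), nil
}

// Constructed samples: one config that lists /proc/sys and one that omits it.
const hardened = `{"linux":{"readonlyPaths":["/proc/bus","/proc/sys","/proc/sysrq-trigger"]}}`
const relaxed = `{"linux":{"readonlyPaths":["/proc/bus","/proc/sysrq-trigger"]}}`

func main() {
	for _, raw := range []string{hardened, relaxed} {
		entry, err := auditConfig([]byte(raw), "/proc/sys/net/ipv4/ip_forward")
		fmt.Printf("covered by %q, err=%v\n", entry, err)
	}
}
```

An empty result means sysctls under `/proc/sys` are writable from inside that container, so configs that return it are the ones to review against the workloads that actually need it.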