cgfs: don't mount /sys/fs/cgroup readonly

/sys/fs/cgroup is just a size-limited tmpfs, and making it ro does
nothing to affect our ability alter mount settings of its subdirs.
OTOH making it ro can upset mountall in the container which tries
to remount it rw, which may be refused.

So just don't do it.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Cc: Christian Seiler <christian@iwakd.de>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/src/lxc/cgfs.c b/src/lxc/cgfs.c
index db2a973ce210741c8c6ba18cb950d45ded785d0b..ba7df895ad86edf544635384a9d6a746ab9a1879 100644 (file)
--- a/src/lxc/cgfs.c
+++ b/src/lxc/cgfs.c
@@ -1413,14 +1413,6 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type)
                                SYSERROR("error bind-mounting %s to %s", mp->mount_point, abs_path);
                                goto out_error;
                        }
-                       /* main cgroup path should be read-only */
-                       if (type == LXC_AUTO_CGROUP_FULL_RO || type == LXC_AUTO_CGROUP_FULL_MIXED) {
-                               r = mount(NULL, abs_path, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL);
-                               if (r < 0) {
-                                       SYSERROR("error re-mounting %s readonly", abs_path);
-                                       goto out_error;
-                               }
-                       }
                        /* own cgroup should be read-write */
                        if (type == LXC_AUTO_CGROUP_FULL_MIXED) {
                                r = mount(abs_path2, abs_path2, NULL, MS_BIND, NULL);
@@ -1487,14 +1479,6 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type)
                parts = NULL;
        }
 
-       /* try to remount the tmpfs readonly, since the container shouldn't
-        * change anything (this will also make sure that trying to create
-        * new cgroups outside the allowed area fails with an error instead
-        * of simply causing this to create directories in the tmpfs itself)
-        */
-       if (type != LXC_AUTO_CGROUP_RW && type != LXC_AUTO_CGROUP_FULL_RW)
-               mount(NULL, path, NULL, MS_REMOUNT|MS_RDONLY, NULL);
-
        free(path);
 
        return true;