From 8829829debe9456f4207c60a15fc85e7c44bd575 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Tue, 17 Aug 2021 11:07:38 +0200
Subject: [PATCH] busybox: mount sys:ro

There's no udev so sys doesn't need to be read-write.

Signed-off-by: Christian Brauner
---
 templates/lxc-busybox.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index 266be60cc..3306b5e63 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -234,7 +234,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
 # When using LXC with apparmor, uncomment the next line to run unconfined:
 #lxc.apparmor.profile = unconfined
 
-lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+lxc.mount.auto = cgroup:mixed proc:mixed sys:ro
 lxc.mount.entry = shm dev/shm tmpfs defaults,create=dir 0 0
 lxc.mount.entry = mqueue dev/mqueue mqueue defaults,optional,create=dir 0 0
 EOF
-- 
2.47.2
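Review bot: The changed `lxc.mount.auto` line has no comment explaining why `sys:ro` was chosen, and the generated config is where an operator will look when something in the container fails to write under /sys. Per lxc.container.conf, `sys:mixed` already mounts /sys read-only and leaves only /sys/devices/virtual/net writable. The practical effect of this change is therefore that virtual network device attributes also become read-only inside the container, which is the tighter isolation default. I would add a line above it in the heredoc, e.g. `# /sys is fully read-only (busybox has no udev); switch to sys:mixed only if the container must write /sys/devices/virtual/net`. The heredoc starts outside the hunk, so I cannot tell from here whether any other generated setting relies on writable sysfs.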