busybox: mount sys:ro

There's no udev so sys doesn't need to be read-write. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2025-08-31 08:59:36 +00:00 · 2021-08-17 11:07:38 +02:00
parent 803839b8b9
commit 8829829deb
1 changed files with 1 additions and 1 deletions
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -234,7 +234,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
 # When using LXC with apparmor, uncomment the next line to run unconfined:
 #lxc.apparmor.profile = unconfined

-lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+lxc.mount.auto = cgroup:mixed proc:mixed sys:ro
 lxc.mount.entry = shm dev/shm tmpfs defaults,create=dir 0 0
 lxc.mount.entry = mqueue dev/mqueue mqueue defaults,optional,create=dir 0 0
 EOF