Skip to content

Commit

Permalink
Mount container root nosuid
Browse files Browse the repository at this point in the history
  • Loading branch information
Felix Obenhuber committed Oct 19, 2023
1 parent 3773d44 commit 05c4514
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions northstar-runtime/src/runtime/mount.rs
Original file line number Diff line number Diff line change
Expand Up @@ -267,15 +267,15 @@ fn mount(
device.display(),
target.display(),
);
const FLAGS: MountFlags = MountFlags::MS_RDONLY;
let flags = MountFlags::MS_RDONLY | MountFlags::MS_NOSUID;
const FSTYPE: Option<&str> = Some(FS_TYPE);
let source = Some(&device);
let data = selinux
.then_some(())
.and(selinux_context)
.map(|context| format!("context={}", context.as_str()));
let data = data.as_deref();
let mount_result = nix::mount::mount(source, target, FSTYPE, FLAGS, data);
let mount_result = nix::mount::mount(source, target, FSTYPE, flags, data);

if let Err(ref e) = mount_result {
warn!("Failed to mount: {}", e);
Expand Down

0 comments on commit 05c4514

Please sign in to comment.