gvisor

Commit Graph

Author	SHA1	Message	Date
Lantao Liu	d8f0db9bcf	runsc: unmount volume mounts when destroy container. PiperOrigin-RevId: 210579178 Change-Id: Iae20639c5186b1a976cbff6d05bda134cd00d0da	2018-08-28 11:54:07 -07:00
Kevin Krakauer	a4529c1b5b	runsc: Fix readonly filesystem causing failure to create containers. For readonly filesystems specified via relative path, we were forgetting to mount relative to the container's bundle directory. PiperOrigin-RevId: 210483388 Change-Id: I84809fce4b1f2056d0e225547cb611add5f74177	2018-08-27 20:34:27 -07:00
Fabricio Voznika	db81c0b02f	Put fsgofer inside chroot Now each container gets its own dedicated gofer that is chroot'd to the rootfs path. This is done to add an extra layer of security in case the gofer gets compromised. PiperOrigin-RevId: 210396476 Change-Id: Iba21360a59dfe90875d61000db103f8609157ca0	2018-08-27 11:10:14 -07:00

Author

SHA1

Message

Date

Lantao Liu

d8f0db9bcf

runsc: unmount volume mounts when destroy container.

PiperOrigin-RevId: 210579178
Change-Id: Iae20639c5186b1a976cbff6d05bda134cd00d0da

2018-08-28 11:54:07 -07:00

Kevin Krakauer

a4529c1b5b

runsc: Fix readonly filesystem causing failure to create containers.

For readonly filesystems specified via relative path, we were forgetting to
mount relative to the container's bundle directory.

PiperOrigin-RevId: 210483388
Change-Id: I84809fce4b1f2056d0e225547cb611add5f74177

2018-08-27 20:34:27 -07:00

Fabricio Voznika

db81c0b02f

Put fsgofer inside chroot

Now each container gets its own dedicated gofer that is chroot'd to the
rootfs path. This is done to add an extra layer of security in case the
gofer gets compromised.

PiperOrigin-RevId: 210396476
Change-Id: Iba21360a59dfe90875d61000db103f8609157ca0

2018-08-27 11:10:14 -07:00

3 Commits