projects / oweals / procd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
jail: mount /sys read-only
[oweals/procd.git] / jail / jail.c
diff --git a/jail/jail.c b/jail/jail.c
index 25b847d92a9ad093f38da0bb6c9b73a48524406f..052a78e59ccc2be40f632fe7fa1a9e399f88ccc7 100644 (file)
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -302,7 +302,7 @@ static int build_jail_fs(void)
        }
        if (opts.sysfs) {
                mkdir("/sys", 0755);
-               mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
+               mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RDONLY, 0);
        }
        if (opts.ronly)
                mount(NULL, "/", NULL, MS_RDONLY | MS_REMOUNT, 0);
Unnamed repository; edit this file 'description' to name the repository.