Mount the selinux sys dir read-only [GH-301]

Aron Griffis 2015-03-24 17:42:11 -04:00
parent c9cd671a32
commit 7d017ada1e


@ -20,6 +20,12 @@ module Vagrant
config.customize 'mount.entry', '/sys/fs/pstore sys/fs/pstore none bind,optional 0 0' config.customize 'mount.entry', '/sys/fs/pstore sys/fs/pstore none bind,optional 0 0'
end end
# Make selinux read-only, see
# https://github.com/fgrehm/vagrant-lxc/issues/301
if Dir.exists?('/sys/fs/selinux')
config.customize 'mount.entry', '/sys/fs/selinux sys/fs/selinux none bind,ro 0 0'
end
env[:ui].info I18n.t("vagrant_lxc.messages.starting") env[:ui].info I18n.t("vagrant_lxc.messages.starting")
env[:machine].provider.driver.start(config.customizations) env[:machine].provider.driver.start(config.customizations)
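Review bot: `Dir.exists?` in the added guard is the deprecated alias, which was removed in Ruby 3.2; `if Dir.exist?('/sys/fs/selinux')` is equivalent and keeps working on newer interpreters. The comment above it only links to the issue, so the reason for the read-only mount is lost if the link goes away. I would state it inline, e.g. `# Bind-mount selinuxfs read-only so guest processes cannot write to the host's SELinux interface (GH-301)`, assuming that is the intent of the issue. Unlike the pstore entry this one has no `optional`, so a failed mount presumably aborts container start instead of continuing without the read-only mount; if that fail-closed behaviour is deliberate, it deserves a word in the comment. The enclosing method starts and ends outside the hunk.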