Merge pull request #357 from agriffis/fedora-host-selinux-ro

Mount the selinux sys dir read-only [GH-301]
This commit is contained in:
Fabio Rehm 2015-04-06 10:51:30 -03:00
commit 8cb0afeb39

View file

@ -20,6 +20,12 @@ module Vagrant
config.customize 'mount.entry', '/sys/fs/pstore sys/fs/pstore none bind,optional 0 0' config.customize 'mount.entry', '/sys/fs/pstore sys/fs/pstore none bind,optional 0 0'
end end
# Make selinux read-only, see
# https://github.com/fgrehm/vagrant-lxc/issues/301
if Dir.exists?('/sys/fs/selinux')
config.customize 'mount.entry', '/sys/fs/selinux sys/fs/selinux none bind,ro 0 0'
end
env[:ui].info I18n.t("vagrant_lxc.messages.starting") env[:ui].info I18n.t("vagrant_lxc.messages.starting")
env[:machine].provider.driver.start(config.customizations) env[:machine].provider.driver.start(config.customizations)