Bug 1262994 - docker-io remounts host /sys read-only
Product: Fedora EPEL
Classification: Fedora
Component: docker-io
Hardware: x86_64 Linux
Priority: unspecified
Severity: medium
Assigned To: Ivan Chavero
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-09-14 16:37 EDT by David Six
Modified: 2015-10-28 10:40 EDT
Doc Type: Bug Fix
Clone Of: 1214394
Last Closed: 2015-10-28 10:40:47 EDT
Type: Bug

Description David Six 2015-09-14 16:37:54 EDT
+++ This bug was initially created as a clone of Bug #1214394 +++

Description of problem: 

Running a container without --privileged will remount /sys as read-only on the host machine.

Verified with docker-io-1.7.1-2.el6.x86_64 on RHEL 6.7

How reproducible: Always

Steps to Reproduce: 

1. Install docker-io
2. Start a container without --privileged (e.g. docker run -it --rm busybox date)
3. /sys is now mounted RO on the host

Expected results: 

/sys should be read-only within the container, but remain read-write for the host

Additional docker version information:

# docker info
Containers: 10
Images: 179
Storage Driver: devicemapper
 Pool Name: docker-253:0-27395432-pool
 Pool Blocksize: 65.54 kB
 Backing Filesystem: extfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 8.951 GB
 Data Space Total: 107.4 GB
 Data Space Available: 98.42 GB
 Metadata Space Used: 10.13 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.137 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.95-RHEL6 (2015-07-29)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 2.6.32-573.3.1.el6.x86_64
Operating System: <unknown>
CPUs: 2
Total Memory: 1.808 GiB
Name: -

# docker version
Client version: 1.7.1
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 786b29d/1.7.1
OS/Arch (client): linux/amd64
Server version: 1.7.1
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 786b29d/1.7.1
OS/Arch (server): linux/amd64
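
A host-side check for the symptom described in this report, as an added example that is not part of the original report or of Docker. The function names and the sample mount tables are assumptions constructed for illustration; the tables follow the /proc/mounts layout.

```shell
#!/bin/sh
# Added example: detect a host /sys that flipped from rw to ro.
# Tables use the /proc/mounts layout: device mountpoint fstype options dump pass

# mount_mode MOUNTPOINT [TABLE] -> prints "ro", "rw" or "absent".
# Options are compared as whole comma-separated tokens, so a value such as
# errors=remount-ro is not mistaken for ro. If the mount point is listed more
# than once, the last line wins because later mounts shadow earlier ones.
mount_mode() {
    awk -v mp="$1" '
        $2 == mp {
            mode = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") mode = "ro"
            found = mode
        }
        END { print (found == "" ? "absent" : found) }
    ' "${2:-/proc/mounts}"
}

# sys_regressed BEFORE AFTER -> exit 0 when /sys was rw in BEFORE and ro in AFTER.
sys_regressed() {
    [ "$(mount_mode /sys "$1")" = "rw" ] && [ "$(mount_mode /sys "$2")" = "ro" ]
}

# Constructed sample tables, not captured from a real host.
SAMPLE_BEFORE='/dev/mapper/vg-root / ext4 rw,errors=remount-ro 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0'
SAMPLE_AFTER='/dev/mapper/vg-root / ext4 rw,errors=remount-ro 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs ro,relatime 0 0'

# Demo on the samples. On a real host, snapshot /proc/mounts before and after
# the container run from the report and pass the two files instead.
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_BEFORE" > "$demo_dir/before"
printf '%s\n' "$SAMPLE_AFTER" > "$demo_dir/after"
if sys_regressed "$demo_dir/before" "$demo_dir/after"; then
    echo "host /sys changed from rw to ro"
fi
rm -rf "$demo_dir"
```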
