Skip to content

Commit ae4dbb6

Browse files
vinayakankugoyalvinayakankugoyal
committed
Add noexec nodev and nosuid to sandbox /etc/resolv.conf mount bind.
Signed-off-by: Vinayak Goyal <[email protected]>
1 parent f7f2be7 commit ae4dbb6

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

pkg/cri/server/sandbox_run_linux.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -133,7 +133,7 @@ func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxC
133133
Source: c.getResolvPath(id),
134134
Destination: resolvConfPath,
135135
Type: "bind",
136-
Options: []string{"rbind", "ro"},
136+
Options: []string{"rbind", "ro", "nosuid", "nodev", "noexec"},
137137
},
138138
}))
139139

0 commit comments

Comments
 (0)