[Bug 1262994] New: docker-io remounts host /sys read-only

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1262994

            Bug ID: 1262994
           Summary: docker-io remounts host /sys read-only
           Product: Fedora EPEL
           Version: el6
         Component: docker-io
          Severity: medium
          Assignee: ichav...@redhat.com
          Reporter: dsix.w...@gmail.com
        QA Contact: extras...@fedoraproject.org
                CC: adima...@gmail.com, admil...@redhat.com,
                    akurt...@redhat.com, dsix.w...@gmail.com,
                    dwa...@redhat.com, extras...@fedoraproject.org,
                    golang@lists.fedoraproject.org, hushan....@gmail.com,
                    ichav...@redhat.com, jalman...@gmail.com,
                    jchal...@redhat.com, jper...@centos.org,
                    l...@redhat.com, mat...@redhat.com,
                    mgold...@redhat.com, mimi...@redhat.com,
                    pwebs...@ca.ibm.com, s...@shk.io, thr...@redhat.com,
                    vba...@redhat.com, wo...@nobugconsulting.ro



+++ This bug was initially created as a clone of Bug #1214394 +++

Description of problem: 

Running a container without --privileged will remount /sys as read only on the
host machine.

Verified with docker-io-1.7.1-2.el6.x86_64 on RHEL 6.7

How reproducible: Always

Steps to Reproduce: 

1. Install docker-io
2. Start a container without --privileged (e.g docker run -it --rm busybox
date)
3. /sys is now mounted RO on the host

Expected results: 

/sys should be read-only within the container, but remain read-write for the
host

Additional docker version information:

# docker info
Containers: 10
Images: 179
Storage Driver: devicemapper
 Pool Name: docker-253:0-27395432-pool
 Pool Blocksize: 65.54 kB
 Backing Filesystem: extfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 8.951 GB
 Data Space Total: 107.4 GB
 Data Space Available: 98.42 GB
 Metadata Space Used: 10.13 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.137 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.95-RHEL6 (2015-07-29)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 2.6.32-573.3.1.el6.x86_64
Operating System: <unknown>
CPUs: 2
Total Memory: 1.808 GiB
Name: -
ID: IHHZ:XJ2C:4JQL:AN6P:I7KG:7Y3P:FIEC:P5NK:QKSA:PTKR:CDHR:RILN

# docker version
Client version: 1.7.1
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 786b29d/1.7.1
OS/Arch (client): linux/amd64
Server version: 1.7.1
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 786b29d/1.7.1
OS/Arch (server): linux/amd64

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
golang mailing list
golang@lists.fedoraproject.org
https://lists.fedoraproject.org/mailman/listinfo/golang