diff options
| -rw-r--r-- | src/core/mount-setup.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index c6d3f4bbcc..147333a6c6 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -338,6 +338,10 @@ int mount_cgroup_controllers(char ***join_controllers) { } } + /* Now that we mounted everything, let's make the tmpfs the + * cgroup file systems are mounted into read-only. */ + mount("tmpfs", "/sys/fs/cgroup", "tmpfs", MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755"); + return 0; } |