hyperhq / hyperstart

The tiny Init service for HyperContainer
https://www.hypercontainer.io
Apache License 2.0

pod_init process's rootfs should be setup to an empty dir #326

Open laijs opened 7 years ago

laijs commented 7 years ago

Otherwise the container can access the vm-rootfs via /proc/1/root/ or /proc/1/cwd/.

jcvenegas commented 5 years ago

This does not affect kata, closing issue.

```
docker run -ti --rm --runtime kata-qemu ubuntu cat /proc/1/root/etc/os-release
NAME="Ubuntu"
VERSION="18.04.2 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.2 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
```
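Added example, not part of the thread or of the hyperstart or kata code: a check to run inside a container that reports whether `/proc/1/root` and `/proc/1/cwd` resolve to a directory inside the container's own rootfs, which is the condition the issue and the `cat` test above are about. The function names and the `proc`/`root` parameters are hypothetical; it assumes a Linux procfs and compares directories by device and inode number.

```python
import os

def _ident(path):
    """(device, inode) of the directory a path resolves to, following links."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)

def _inside(path, root_id, max_depth=256):
    """Walk '..' upward from path; True if root_id is met before the top."""
    cur = path
    for _ in range(max_depth):
        cur_id = _ident(cur)
        if cur_id == root_id:
            return True
        parent = os.path.join(cur, "..")
        if _ident(parent) == cur_id:
            # '..' no longer moves: top of the tree, and root was never seen.
            return False
        cur = parent
    return False

def check_pid1_links(proc="/proc", root="/"):
    """Classify /proc/1/root and /proc/1/cwd relative to our own root.

    Returns {"root": v, "cwd": v} with v in "inside", "outside", "unreadable".
    "outside" means PID 1's view reaches a tree that is not under `root`,
    for example the VM rootfs when PID 1 is the pod init process.
    """
    root_id = _ident(root)
    result = {}
    for name in ("root", "cwd"):
        link = os.path.join(proc, "1", name)
        try:
            result[name] = "inside" if _inside(link, root_id) else "outside"
        except OSError:
            # Permission denied or missing entry: nothing reachable this way.
            result[name] = "unreadable"
    return result

if __name__ == "__main__":
    for name, verdict in check_pid1_links().items():
        print(f"/proc/1/{name}: {verdict}")
```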