Fix mount option nsdelegate. It makes delegation safe (more restrictions in the cgroup namespace). Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package mount
import (
"golang.org/x/sys/unix"
"github.com/talos-systems/talos/pkg/machinery/constants"
)
// CGroupMountPoints returns the set of cgroup mount points.
//
// The set holds a single entry, keyed "cgroup2", describing a cgroup2
// filesystem at constants.CgroupMountPath. The returned error is always nil.
//
// Security notes:
//   - MS_NOSUID, MS_NODEV and MS_NOEXEC keep the cgroup filesystem from
//     honouring setuid bits, exposing device nodes or executing files.
//   - "nsdelegate" is the cgroup v2 mount option that makes the kernel treat
//     cgroup namespaces as delegation boundaries, so a workload confined to a
//     cgroup namespace is more restricted in what it can change at the root
//     of its namespace. The kernel only honours the option on mounts made from
//     the init cgroup namespace and ignores it elsewhere, so this mount is
//     presumably performed by the host's init process; verify against the caller.
func CGroupMountPoints() (mountpoints *Points, err error) {
	// Hardening flags for the unified hierarchy mount; see the notes above.
	const cgroupMountFlags = unix.MS_NOSUID | unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_RELATIME

	mountpoints = NewMountPoints()

	// The trailing "nsdelegate" argument is the cgroup2 mount option string.
	cgroup2 := NewMountPoint("cgroup", constants.CgroupMountPath, "cgroup2", cgroupMountFlags, "nsdelegate")
	mountpoints.Set("cgroup2", cgroup2)

	return mountpoints, nil
}