summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/socket/rpcinet/socket.go
diff options
context:
space:
mode:
authorNicolas Lacasse <nlacasse@google.com>2018-09-24 17:21:16 -0700
committerShentubot <shentubot@google.com>2018-09-24 17:22:15 -0700
commitd489336784f12e1b6f92d65f53679c1226b58668 (patch)
tree822794fb40440b2544afe885732d984987dd9786 /pkg/sentry/socket/rpcinet/socket.go
parent4094480b28e7367346840938f83db65f20e7ddaa (diff)
runsc: All non-root bind mounts should be shared.
This CL changes the semantics of the "--file-access" flag so that it only affects the root filesystem. The default remains "exclusive" which is the common use case, as neither Docker nor K8s supports sharing the root. Keeping the root fs as "exclusive" means that the fs-intensive work done during application startup will mostly be cacheable, and thus faster. Non-root bind mounts will always be shared. This CL also removes some redundant FSAccessType validations. We validate this flag in main(), so we can assume it is valid afterwards. PiperOrigin-RevId: 214359936 Change-Id: I7e75d7bf52dbd7fa834d0aacd4034868314f3b51
Diffstat (limited to 'pkg/sentry/socket/rpcinet/socket.go')
0 files changed, 0 insertions, 0 deletions