diff options
author | Nicolas Lacasse <nlacasse@google.com> | 2018-09-24 17:21:16 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-09-24 17:22:15 -0700 |
commit | d489336784f12e1b6f92d65f53679c1226b58668 (patch) | |
tree | 822794fb40440b2544afe885732d984987dd9786 /pkg/sentry/socket/rpcinet/socket.go | |
parent | 4094480b28e7367346840938f83db65f20e7ddaa (diff) |
runsc: All non-root bind mounts should be shared.
This CL changes the semantics of the "--file-access" flag so that it only
affects the root filesystem. The default remains "exclusive" which is the
common use case, as neither Docker nor K8s supports sharing the root.
Keeping the root fs as "exclusive" means that the fs-intensive work done during
application startup will mostly be cacheable, and thus faster.
Non-root bind mounts will always be shared.
This CL also removes some redundant FSAccessType validations. We validate this
flag in main(), so we can assume it is valid afterwards.
PiperOrigin-RevId: 214359936
Change-Id: I7e75d7bf52dbd7fa834d0aacd4034868314f3b51
Diffstat (limited to 'pkg/sentry/socket/rpcinet/socket.go')
0 files changed, 0 insertions, 0 deletions