diff options
Diffstat (limited to 'runsc/sandbox/chroot.go')
| -rw-r--r-- | runsc/sandbox/chroot.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/runsc/sandbox/chroot.go b/runsc/sandbox/chroot.go index 30a4bae35..35b19a0b1 100644 --- a/runsc/sandbox/chroot.go +++ b/runsc/sandbox/chroot.go @@ -55,7 +55,7 @@ func setUpChroot() (string, error) { log.Infof("Setting up sandbox chroot in %q", chroot) // Mount /proc. - if err := mountInChroot(chroot, "proc", "/proc", "proc", 0); err != nil { + if err := mountInChroot(chroot, "proc", "/proc", "proc", syscall.MS_NOSUID|syscall.MS_NODEV|syscall.MS_NOEXEC); err != nil { return "", fmt.Errorf("error mounting proc in chroot: %v", err) } |