diskimage-builder/releasenotes/notes/sysfs-ro-b127a6df2d78e57c.yaml
Ian Wienand 12b60c4088 Mount /sys RO
As noted inline, this works around potential issues by being a strong
indication you are in a container (e.g. [1]).  Since nothing should be
changing anything on the host/build system, this is a generically
safer way to operate.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1975588

Change-Id: Ic6802c4ffc2e825f129af10717860a2d1770fe80
2021-07-05 11:45:02 +10:00

6 lines
225 B
YAML

---
upgrade:
- |
Base installs now mount ``/sys`` read-only in chroot environemnts.
This is a good indication to various tools and scripts that that
they are running in a unprivileged/containerised environment.