mirror of
https://github.com/containers/podman.git
synced 2025-06-01 17:17:47 +08:00

The intention of --read-only-tmpfs=false when in --read-only mode was to not allow any processes inside of the container to write content anywhere, unless the caller also specified a volume or a tmpfs. Having /dev and /dev/shm writable breaks this assumption.

Fixes: https://github.com/containers/podman/issues/12937

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
334 B
####> This option file is used in:
####> podman create, run
####> If file is edited, make sure the changes
####> are applicable to all of those.
--read-only-tmpfs
If the container is running in --read-only mode, mount a read-write tmpfs on /dev, /dev/shm, /run, /tmp, and /var/tmp. The default is true.
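
One way to check the effect from inside a container, as an added example that is not part of the podman project: the hypothetical helper `writable_mounts` reads a /proc/mounts-format table and reports which of the five paths above are mounted read-write. Both sample tables are constructed for illustration, not captured from podman.

```shell
#!/bin/sh
# Added example: list which of the paths named in the --read-only-tmpfs text
# are mounted read-write, given a /proc/mounts-format table.

RO_TMPFS_PATHS="/dev /dev/shm /run /tmp /var/tmp"   # paths from the option text

# writable_mounts [FILE]  (hypothetical helper; FILE "-" means stdin)
# Prints "PATH FSTYPE" for each listed path whose last mount entry has "rw".
# FILE defaults to /proc/self/mounts, i.e. run it inside the container.
writable_mounts() {
    awk -v paths="$RO_TMPFS_PATHS" '
        BEGIN { n = split(paths, want, " ") }
        # Fields: device mountpoint fstype options dump pass.
        # A later entry for the same mountpoint overrides an earlier one.
        { fstype[$2] = $3; opts[$2] = $4 }
        END {
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (!(p in opts)) continue          # not a mount point
                m = split(opts[p], o, ",")
                for (j = 1; j <= m; j++)            # exact token, not substring
                    if (o[j] == "rw") { print p, fstype[p]; break }
            }
        }
    ' "${1:-/proc/self/mounts}"
}

# Constructed mount table (not captured from podman): all five paths rw tmpfs.
sample_rw() {
    cat <<'EOF'
overlay / overlay ro,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,size=65536k,mode=755 0 0
shm /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

# Constructed mount table: /dev and /dev/shm read-only, one explicit rw tmpfs.
sample_ro() {
    cat <<'EOF'
overlay / overlay ro,relatime 0 0
tmpfs /dev tmpfs ro,nosuid,size=65536k,mode=755 0 0
shm /dev/shm tmpfs ro,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

sample_ro | writable_mounts -    # prints: /tmp tmpfs
```

Called with no argument inside a running container, the helper reads /proc/self/mounts; any line it prints is a location where processes in a --read-only container can still write.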