/* The access mode here doesn't really matter too much, since
* the mounted file system will take precedence anyway. */
- mkdir_p_label(p->where, 0755);
+ if (relabel)
+ mkdir_p_label(p->where, 0755);
+ else
+ mkdir_p(p->where, 0755);
log_debug("Mounting %s to %s of type %s with options %s.",
p->what,
}
}
+ /* Now that we mounted everything, let's make the tmpfs the
+ * cgroup file systems are mounted into read-only. */
+ mount("tmpfs", "/sys/fs/cgroup", "tmpfs", MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755");
+
return 0;
}