Fix mount error when chmod RO tmpfs

Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>

libcontainer/rootfs_linux.go

@@ -383,6 +383,12 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string, enableCgroupns b
 				return err
 			}
 		}
+		// Initially mounted rw in mountPropagate, remount to ro if flag set.
+		if m.Flags&unix.MS_RDONLY != 0 {
+			if err := remount(m, rootfs); err != nil {
+				return err
+			}
+		}
 		return nil
 	case "bind":
 		if err := prepareBindMount(m, rootfs); err != nil {
@@ -957,6 +963,12 @@ func mountPropagate(m *configs.Mount, rootfs string, mountLabel string) error {
 		flags &= ^unix.MS_RDONLY
 	}
 
+	// Mount it rw to allow chmod operation. A remount will be performed
+	// later to make it ro if set.
+	if m.Device == "tmpfs" {
+		flags &= ^unix.MS_RDONLY
+	}
+
 	copyUp := m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP
 	if !(copyUp || strings.HasPrefix(dest, rootfs)) {
 		dest = filepath.Join(rootfs, dest)

tests/integration/mounts.bats

@@ -20,3 +20,12 @@ function teardown() {
 	[ "$status" -eq 0 ]
 	[[ "${lines[0]}" == *'/tmp/bind/config.json'* ]]
 }
+
+@test "runc run [ro tmpfs mount]" {
+	update_config 	' .mounts += [{"source": "tmpfs", "destination": "/mnt", "type": "tmpfs", "options": ["ro", "nodev", "nosuid", "mode=755"]}] 
+			| .process.args |= ["grep", "^tmpfs /mnt", "/proc/mounts"]' 
+
+	runc run test_ro_tmpfs_mount
+	[ "$status" -eq 0 ]
+	[[ "${lines[0]}" == *'ro,'* ]]
+}