From eec1a06921aa51aba96b85868184b588d8cc47e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= <anders.f.bjorklund@gmail.com>
Date: Sat, 24 Aug 2019 16:16:11 +0200
Subject: [PATCH] Add warning that using --no-pivot is not secure

It is only intended for compatibility with the old
rootfs ISO, and not needed with the new tmpfs ISO.
---
 pkg/provision/buildroot.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/provision/buildroot.go b/pkg/provision/buildroot.go
index f0a2e9ca7f3a..be32b4bf9d77 100644
--- a/pkg/provision/buildroot.go
+++ b/pkg/provision/buildroot.go
@@ -110,6 +110,7 @@ Type=notify
 
 `
 	if noPivot {
+		log.Warn("Using fundamentally insecure --no-pivot option")
 		engineConfigTmpl += `
 # DOCKER_RAMDISK disables pivot_root in Docker, using MS_MOVE instead.
 Environment=DOCKER_RAMDISK=yes