diff options
| author | Matthijs Kooijman <matthijs@stdin.nl> | 2012-01-10 21:01:06 +0100 |
|---|---|---|
| committer | Matthijs Kooijman <matthijs@stdin.nl> | 2012-01-10 21:54:58 +0100 |
| commit | 58209e8bd8b7c159c64405cde9e127de54af293f (patch) | |
| tree | 48061a6c941d86019732329bf10418309d4c740d | |
| parent | 7f9cfe3551aa8ae4dd10299f125ba6e7ba518f17 (diff) | |
| download | vyos-live-build-58209e8bd8b7c159c64405cde9e127de54af293f.tar.gz vyos-live-build-58209e8bd8b7c159c64405cde9e127de54af293f.zip | |
Use a two-stage mount again for mounting config inside chroot in lb_chroot_hooks.
This reverts part of cacf9b6e34 (but also adds a "bind" option to the
remount command, as documented in mount(8)).
Apparently, doing "mount -o bind,ro" doesn't work. It outputs:
mount: warning: chroot/root/config seems to be mounted read-write.
and mounts read-write instead of read-only. This behaviour is
documented in mount(8). Newer kernels do seem to allow
combining bind with the read-only option (see mount(2)), but this does
not seem to work (possibly because mount is trying to be smart).
| -rwxr-xr-x | scripts/build/lb_chroot_hooks | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/scripts/build/lb_chroot_hooks b/scripts/build/lb_chroot_hooks index 64656a041..efce80bf9 100755 --- a/scripts/build/lb_chroot_hooks +++ b/scripts/build/lb_chroot_hooks @@ -40,9 +40,14 @@ Create_lockfile .lock ## Processing distribution hooks -# Make build config available to chroot hooks. +# Make build config available to chroot hooks. First, make the bind +# mount and then make it read-only. This can't happen in one mount +# command, then the resulting mount will be rw (see mount(8)). Making it +# ro prevents modifications and prevents accidentally removing the +# contents of the config directory when removing the chroot. mkdir -p chroot/root/config -mount -o bind,ro config chroot/root/config +mount -o bind config chroot/root/config +mount -o remount,ro,bind config chroot/root/config # Copying hooks for _HOOK in ${LB_CHROOT_HOOKS} |