author Matthijs Kooijman <matthijs@stdin.nl> 2012-01-10 21:01:06 +0100
committer Matthijs Kooijman <matthijs@stdin.nl> 2012-01-10 21:54:58 +0100
commit 58209e8bd8b7c159c64405cde9e127de54af293f
tree 48061a6c941d86019732329bf10418309d4c740d
parent 7f9cfe3551aa8ae4dd10299f125ba6e7ba518f17
Use a two-stage mount again for mounting config inside chroot in lb_chroot_hooks.
This reverts part of cacf9b6e34 (but also adds a "bind" option to the remount command, as documented in mount(8)).

Apparently, doing "mount -o bind,ro" doesn't work. It outputs:

    mount: warning: chroot/root/config seems to be mounted read-write.

and mounts read-write instead of read-only. This behaviour is documented in mount(8).

Newer kernels do seem to allow combining bind with the read-only option (see mount(2)), but this does not seem to work (possibly because mount is trying to be smart).
-rwxr-xr-x scripts/build/lb_chroot_hooks 9
1 files changed, 7 insertions, 2 deletions
diff --git a/scripts/build/lb_chroot_hooks b/scripts/build/lb_chroot_hooks
index 64656a041..efce80bf9 100755
--- a/scripts/build/lb_chroot_hooks
+++ b/scripts/build/lb_chroot_hooks
@@ -40,9 +40,14 @@ Create_lockfile .lock
## Processing distribution hooks
-# Make build config available to chroot hooks.
+# Make build config available to chroot hooks. First, make the bind
+# mount and then make it read-only. This can't happen in one mount
+# command, then the resulting mount will be rw (see mount(8)). Making it
+# ro prevents modifications and prevents accidentally removing the
+# contents of the config directory when removing the chroot.
mkdir -p chroot/root/config
-mount -o bind,ro config chroot/root/config
+mount -o bind config chroot/root/config
+mount -o remount,ro,bind config chroot/root/config
# Copying hooks
for _HOOK in ${LB_CHROOT_HOOKS}
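Review bot: In the two mount lines that close this hunk, nothing visible checks that `mount -o remount,ro,bind config chroot/root/config` succeeded, so if the remount fails the bind mount stays read-write and the hook loop runs in exactly the state the new comment warns about (config contents writable from inside the chroot and removable along with it). Unless the script is already guaranteed to abort on any failing command, test the result of the remount and, on failure, unmount chroot/root/config and stop before "# Copying hooks". As a wording point, the comment sentence "This can't happen in one mount command, then the resulting mount will be rw" would read more clearly as "This can't happen in one mount command, because the resulting mount would be rw".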