Diffstat (limited to 'scripts/build/lb_chroot_hooks')
-rwxr-xr-xscripts/build/lb_chroot_hooks9
1 files changed, 7 insertions, 2 deletions
diff --git a/scripts/build/lb_chroot_hooks b/scripts/build/lb_chroot_hooks
index 64656a041..efce80bf9 100755
--- a/scripts/build/lb_chroot_hooks
+++ b/scripts/build/lb_chroot_hooks
@@ -40,9 +40,14 @@ Create_lockfile .lock
## Processing distribution hooks
-# Make build config available to chroot hooks.
+# Make build config available to chroot hooks. First, make the bind
+# mount and then make it read-only. This can't happen in one mount
+# command, then the resulting mount will be rw (see mount(8)). Making it
+# ro prevents modifications and prevents accidentally removing the
+# contents of the config directory when removing the chroot.
mkdir -p chroot/root/config
-mount -o bind,ro config chroot/root/config
+mount -o bind config chroot/root/config
+mount -o remount,ro,bind config chroot/root/config
# Copying hooks
for _HOOK in ${LB_CHROOT_HOOKS}
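Review bot: The read-only guarantee now depends on the second `mount` succeeding, and nothing visible in this hunk checks its result. If `mount -o remount,ro,bind` fails, the hooks would run against a writable bind of `config`, which is the case the new comment says must be prevented. Unless the script runs under `set -e` (not visible here), I would make the failure explicit, e.g. `mount -o remount,ro,bind config chroot/root/config || { umount chroot/root/config; exit 1; }`. The comment's second sentence would also read more clearly as `This can't be done in a single mount command, because the resulting mount would be rw (see mount(8)).` The `for` loop on the last line continues outside the hunk.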