From 58209e8bd8b7c159c64405cde9e127de54af293f Mon Sep 17 00:00:00 2001 From: Matthijs Kooijman Date: Tue, 10 Jan 2012 21:01:06 +0100 Subject: Use a two-stage mount again for mounting config inside chroot in lb_chroot_hooks. This reverts part of cacf9b6e34 (but also adds a "bind" option to the remount command, as documented in mount(8)). Apparently, doing "mount -o bind,ro" doesn't work. It outputs: mount: warning: chroot/root/config seems to be mounted read-write. and mounts read-write instead of read-only. This behaviour is documented in mount(8). Newer kernels do seem to allow combining bind with the read-only option (see mount(2)), but this does not seem to work (possibly because mount is trying to be smart). --- scripts/build/lb_chroot_hooks | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'scripts/build') diff --git a/scripts/build/lb_chroot_hooks b/scripts/build/lb_chroot_hooks index 64656a041..efce80bf9 100755 --- a/scripts/build/lb_chroot_hooks +++ b/scripts/build/lb_chroot_hooks @@ -40,9 +40,14 @@ Create_lockfile .lock ## Processing distribution hooks -# Make build config available to chroot hooks. +# Make build config available to chroot hooks. First, make the bind +# mount and then make it read-only. This can't happen in one mount +# command, then the resulting mount will be rw (see mount(8)). Making it +# ro prevents modifications and prevents accidentally removing the +# contents of the config directory when removing the chroot. mkdir -p chroot/root/config -mount -o bind,ro config chroot/root/config +mount -o bind config chroot/root/config +mount -o remount,ro,bind config chroot/root/config # Copying hooks for _HOOK in ${LB_CHROOT_HOOKS} -- cgit v1.2.3
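Review bot: the second added command, `mount -o remount,ro,bind config chroot/root/config`, is the only thing that makes the bind mount read-only, and nothing visible in this hunk checks that it succeeded. If the remount fails, or falls back to read-write with only a warning as the commit message describes for `mount -o bind,ro`, the hooks run with a writable `chroot/root/config`, and the risk named in the new comment (losing the config contents when the chroot is removed) is back without any signal. Unless the script already aborts on errors outside this hunk, consider failing explicitly here, for example `mount -o remount,ro,bind config chroot/root/config || { umount chroot/root/config; exit 1; }`, and ideally confirming the mount is read-only before the "Copying hooks" step. A minor wording point in the new comment: "This can't happen in one mount command, then the resulting mount will be rw" reads more clearly as "because the resulting mount would be rw".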