prepare-root: Make leftover /sysroot immutable

Makefile-switchroot.am

@@ -50,7 +50,8 @@ CLEANFILES += ostree-prepare-root
 else
 ostree_boot_PROGRAMS += ostree-prepare-root
 ostree_prepare_root_CFLAGS += $(AM_CFLAGS) -Isrc/switchroot -I$(srcdir)/src/libostree -I$(srcdir)/src/libotcore -I$(srcdir)/src/libotutil
-ostree_prepare_root_SOURCES += src/switchroot/ostree-prepare-root.c
+ostree_prepare_root_SOURCES += src/switchroot/ostree-prepare-root.c \
+	src/libostree/ostree-linuxfsutil.c
 ostree_prepare_root_CPPFLAGS += $(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_DEP_CRYPTO_CFLAGS) -I $(srcdir)/libglnx
 ostree_prepare_root_LDADD += $(AM_LDFLAGS) $(OT_INTERNAL_GIO_UNIX_LIBS) $(OT_DEP_CRYPTO_LIBS) libotcore.la libotutil.la libglnx.la
 endif # BUILDOPT_USE_STATIC_COMPILER

src/switchroot/ostree-prepare-root.c

@@ -98,6 +98,7 @@
 #include <libcomposefs/lcfs-writer.h>
 #endif
 
+#include "ostree-linuxfsutil.h"
 #include "ostree-mount-util.h"
 
 static bool
@@ -775,6 +776,22 @@ main (int argc, char *argv[])
       /* Unmount /sysroot */
       if (umount2 ("sysroot", MNT_DETACH) < 0)
         err (EXIT_FAILURE, "failed to unmount /sysroot");
+
+      /* Attempt to make the leftover empty /sysroot immutable.
+       * This is to prevent accidental modification when root.transient is enabled.
+       */
+      do
+        {
+          g_autoptr (GError) local_error = NULL;
+          glnx_autofd int fd = -1;
+          if (!glnx_opendirat (AT_FDCWD, "sysroot", TRUE, &fd, &local_error))
+            err (EXIT_FAILURE, "failed to open /sysroot");
+          /* It's funny that we need to first touch it to move it to upper layer */
+          if (futimens (fd, NULL) < 0)
+            break;
+          if (!_ostree_linuxfs_fd_alter_immutable_flag (fd, TRUE, NULL, &local_error))
+            break;
+        } while (FALSE);
     }
   else if (sysroot_readonly)
     {