shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2025-01-03 05:18:24 +03:00
Code Issues Projects Releases Wiki Activity

prepare-root: Make leftover /sysroot immutable

Browse Source
This commit is contained in:
Misaki Kasumi 2024-12-19 14:32:48 +08:00
parent a5c64da05e
commit 1d4dc03de8
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile-switchroot.am
View File

@ -50,7 +50,8 @@ CLEANFILES += ostree-prepare-root
else else
ostree_boot_PROGRAMS += ostree-prepare-root ostree_boot_PROGRAMS += ostree-prepare-root
ostree_prepare_root_CFLAGS += $(AM_CFLAGS) -Isrc/switchroot -I$(srcdir)/src/libostree -I$(srcdir)/src/libotcore -I$(srcdir)/src/libotutil ostree_prepare_root_CFLAGS += $(AM_CFLAGS) -Isrc/switchroot -I$(srcdir)/src/libostree -I$(srcdir)/src/libotcore -I$(srcdir)/src/libotutil
ostree_prepare_root_SOURCES += src/switchroot/ostree-prepare-root.c ostree_prepare_root_SOURCES += src/switchroot/ostree-prepare-root.c \
src/libostree/ostree-linuxfsutil.c
ostree_prepare_root_CPPFLAGS += $(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_DEP_CRYPTO_CFLAGS) -I $(srcdir)/libglnx ostree_prepare_root_CPPFLAGS += $(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_DEP_CRYPTO_CFLAGS) -I $(srcdir)/libglnx
ostree_prepare_root_LDADD += $(AM_LDFLAGS) $(OT_INTERNAL_GIO_UNIX_LIBS) $(OT_DEP_CRYPTO_LIBS) libotcore.la libotutil.la libglnx.la ostree_prepare_root_LDADD += $(AM_LDFLAGS) $(OT_INTERNAL_GIO_UNIX_LIBS) $(OT_DEP_CRYPTO_LIBS) libotcore.la libotutil.la libglnx.la
endif # BUILDOPT_USE_STATIC_COMPILER endif # BUILDOPT_USE_STATIC_COMPILER

17
src/switchroot/ostree-prepare-root.c
View File

@ -98,6 +98,7 @@
#include <libcomposefs/lcfs-writer.h> #include <libcomposefs/lcfs-writer.h>
#endif #endif
#include "ostree-linuxfsutil.h"
#include "ostree-mount-util.h" #include "ostree-mount-util.h"
static bool static bool
@ -775,6 +776,22 @@ main (int argc, char *argv[])
/* Unmount /sysroot */ /* Unmount /sysroot */
if (umount2 ("sysroot", MNT_DETACH) < 0) if (umount2 ("sysroot", MNT_DETACH) < 0)
err (EXIT_FAILURE, "failed to unmount /sysroot"); err (EXIT_FAILURE, "failed to unmount /sysroot");
/* Attempt to make the leftover empty /sysroot immutable.
* This is to prevent accidental modification when root.transient is enabled.
*/
do
{
g_autoptr (GError) local_error = NULL;
glnx_autofd int fd = -1;
if (!glnx_opendirat (AT_FDCWD, "sysroot", TRUE, &fd, &local_error))
err (EXIT_FAILURE, "failed to open /sysroot");
/* It's funny that we need to first touch it to move it to upper layer */
if (futimens (fd, NULL) < 0)
break;
if (!_ostree_linuxfs_fd_alter_immutable_flag (fd, TRUE, NULL, &local_error))
break;
} while (FALSE);
} }
else if (sysroot_readonly) else if (sysroot_readonly)
{ {