nspawn: Don't mount read-only if we have a custom mount on root.
parent
12da859a3f
commit
bbd407ea2b
@ -989,6 +989,19 @@ int mount_custom(
|
||||
return 0;
|
||||
}
|
||||
|
||||
bool has_custom_root_mount(const CustomMount *mounts, size_t n) {
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
const CustomMount *m = mounts + i;
|
||||
|
||||
if (path_equal(m->destination, "/"))
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static int setup_volatile_state(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) {
|
||||
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
|
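Review bot: `has_custom_root_mount()` has no comment stating its contract, and it matches every entry whose `destination` is "/" without looking at what kind of mount the entry is or whether that mount is itself read-only. Because the last hunk of this commit uses the result to skip the read-only remount of the tree, the function should say so, for example `/* Returns true if any custom mount targets "/", regardless of its type; callers use this to skip remounting the tree read-only. */`. An `assert(mounts || n == 0);` before the loop would also document that `mounts` may only be NULL when `n` is zero, since `mounts + i` is dereferenced unconditionally. The trailing `setup_volatile_state()` context continues outside the hunk.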
@ -55,6 +55,7 @@ int mount_all(const char *dest, MountSettingsMask mount_settings, uid_t uid_shif
|
||||
int mount_sysfs(const char *dest, MountSettingsMask mount_settings);
|
||||
|
||||
int mount_custom(const char *dest, CustomMount *mounts, size_t n, uid_t uid_shift, const char *selinux_apifs_context, MountSettingsMask mount_settings);
|
||||
bool has_custom_root_mount(const CustomMount *mounts, size_t n);
|
||||
|
||||
int setup_volatile_mode(const char *directory, VolatileMode mode, uid_t uid_shift, const char *selinux_apifs_context);
|
||||
|
||||
|
@ -3438,7 +3438,8 @@ static int outer_child(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (arg_read_only && arg_volatile_mode == VOLATILE_NO) {
|
||||
if (arg_read_only && arg_volatile_mode == VOLATILE_NO &&
|
||||
!has_custom_root_mount(arg_custom_mounts, arg_n_custom_mounts)) {
|
||||
r = bind_remount_recursive(directory, MS_RDONLY, MS_RDONLY, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to make tree read-only: %m");
|
||||
|
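Review bot: With the added `!has_custom_root_mount(arg_custom_mounts, arg_n_custom_mounts)` clause, a set `arg_read_only` is dropped without any message whenever a custom mount targets "/", so someone relying on the read-only tree as a containment measure cannot tell from the log that it was not applied. Whether the root ends up writable then depends entirely on the custom mount, which is presumably set up elsewhere and is not visible here. A comment above the condition explaining why the remount is skipped, plus a debug message in the skipped case such as `log_debug("Custom mount on /, not remounting tree read-only.");`, would make the behaviour auditable. `outer_child()` begins and ends outside the hunk.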