nspawn: Make a custom mount on root imply --read-only.

2019-12-24 11:40:03 +01:00 · 2019-12-24 11:40:03 +01:00 · 2436ea761b
parent bbd407ea2b
commit 2436ea761b
1 changed files with 3 additions and 0 deletions
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@ -1541,6 +1541,9 @@ static int verify_arguments(void) {
        if (arg_volatile_mode != VOLATILE_NO) /* Make sure all file systems contained in the image are mounted read-only if we are in volatile mode */
                arg_read_only = true;

+        if (has_custom_root_mount(arg_custom_mounts, arg_n_custom_mounts))
+                arg_read_only = true;
+
        if (arg_keep_unit && arg_register && cg_pid_get_owner_uid(0, NULL) >= 0)
                /* Save the user from accidentally registering either user-$SESSION.scope or user@.service.
                 * The latter is not technically a user session, but we don't need to labour the point. */