Merge pull request #14420 from DaanDeMeyer/nspawn-fix-read-only-overlay-rootfs
nspawn: Don't mount read-only if we have a custom mount on root.
commit
a2a64d3ac9
|
@ -989,6 +989,19 @@ int mount_custom(
|
|||
return 0;
|
||||
}
|
||||
|
||||
bool has_custom_root_mount(const CustomMount *mounts, size_t n) {
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
const CustomMount *m = mounts + i;
|
||||
|
||||
if (path_equal(m->destination, "/"))
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static int setup_volatile_state(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) {
|
||||
|
||||
_cleanup_free_ char *buf = NULL;
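Review bot: `has_custom_root_mount()` is exported with no comment, and its loop matches any entry whose destination equals "/" without checking the mount's type or its read-only setting. Elsewhere in this commit the result decides whether the tree is remounted read-only, so the contract should be written down where the helper is defined. A one-line comment above the definition would do, for example `/* Returns true if any custom mount, of any type, has the container root "/" as its destination. */`. Whether `m->destination` can ever be NULL or un-normalized when it reaches `path_equal()` is not visible in this hunk and is worth confirming against the argument parser.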
|
||||
|
|
|
@ -55,6 +55,7 @@ int mount_all(const char *dest, MountSettingsMask mount_settings, uid_t uid_shif
|
|||
int mount_sysfs(const char *dest, MountSettingsMask mount_settings);
|
||||
|
||||
int mount_custom(const char *dest, CustomMount *mounts, size_t n, uid_t uid_shift, const char *selinux_apifs_context, MountSettingsMask mount_settings);
|
||||
bool has_custom_root_mount(const CustomMount *mounts, size_t n);
|
||||
|
||||
int setup_volatile_mode(const char *directory, VolatileMode mode, uid_t uid_shift, const char *selinux_apifs_context);
|
||||
|
||||
|
|
|
@ -1541,6 +1541,9 @@ static int verify_arguments(void) {
|
|||
if (arg_volatile_mode != VOLATILE_NO) /* Make sure all file systems contained in the image are mounted read-only if we are in volatile mode */
|
||||
arg_read_only = true;
|
||||
|
||||
if (has_custom_root_mount(arg_custom_mounts, arg_n_custom_mounts))
|
||||
arg_read_only = true;
|
||||
|
||||
if (arg_keep_unit && arg_register && cg_pid_get_owner_uid(0, NULL) >= 0)
|
||||
/* Save the user from accidentally registering either user-$SESSION.scope or user@.service.
|
||||
* The latter is not technically a user session, but we don't need to labour the point. */
|
||||
|
@ -3438,7 +3441,8 @@ static int outer_child(
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (arg_read_only && arg_volatile_mode == VOLATILE_NO) {
|
||||
if (arg_read_only && arg_volatile_mode == VOLATILE_NO &&
|
||||
!has_custom_root_mount(arg_custom_mounts, arg_n_custom_mounts)) {
|
||||
r = bind_remount_recursive(directory, MS_RDONLY, MS_RDONLY, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to make tree read-only: %m");
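Review bot: In `outer_child`, the new `!has_custom_root_mount(...)` term skips the recursive `MS_RDONLY` remount for every configuration with a custom mount on "/", including one where the user explicitly asked for a read-only container. The two cases can no longer be told apart, because `verify_arguments` now sets `arg_read_only = true` itself for that same condition. If the custom root mount is writable, the container root presumably stays writable with no diagnostic, so a read-only hardening setting can be dropped silently. Consider making the skip visible, for example with `log_debug("Custom mount on /, not remounting tree read-only.");` in an `else` branch. Also add a comment to the new assignment in `verify_arguments` explaining why a custom root mount forces `arg_read_only`, as the volatile-mode line above it already has one. Both function bodies continue outside the hunks shown.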
|
||||
|
|