Use a two-stage mount again for mounting config inside chroot in lb_chroot_hooks.
This reverts part of cacf9b6e34 (but also adds a "bind" option to the
remount command, as documented in mount(8)).
Apparently, doing "mount -o bind,ro" doesn't work. It outputs:
mount: warning: chroot/root/config seems to be mounted read-write.
and mounts read-write instead of read-only. This behaviour is
documented in mount(8). Newer kernels do seem to allow
combining bind with the read-only option (see mount(2)), but this does
not seem to work (possibly because mount is trying to be smart).
This commit is contained in:
Matthijs Kooijman
parent
7f9cfe3551
commit
58209e8bd8
|
|
@ -40,9 +40,14 @@ Create_lockfile .lock
|
|||
|
||||
## Processing distribution hooks
|
||||
|
||||
# Make build config available to chroot hooks.
|
||||
# Make build config available to chroot hooks. First, make the bind
|
||||
# mount and then make it read-only. This can't happen in one mount
|
||||
# command, then the resulting mount will be rw (see mount(8)). Making it
|
||||
# ro prevents modifications and prevents accidentally removing the
|
||||
# contents of the config directory when removing the chroot.
|
||||
mkdir -p chroot/root/config
|
||||
mount -o bind,ro config chroot/root/config
|
||||
mount -o bind config chroot/root/config
|
||||
mount -o remount,ro,bind config chroot/root/config
|
||||
|
||||
# Copying hooks
|
||||
for _HOOK in ${LB_CHROOT_HOOKS}
|
||||
|
|
|
|||
Loading…
Reference in New Issue