[buildd-tools-devel] Bug#623913: schroot: Please support read-only bind-mounts
Stefano Rivera
stefanor at debian.org
Sun Apr 24 10:30:25 UTC 2011
Package: schroot
Version: 1.4.21-1+b1
Severity: wishlist
Linux supports read-only bind-mounts, but they can only be made
read-only after bind-mounting, not during.
i.e.
mount --bind /foo /bar
mount -o remount,ro /bar
I hacked support for this into my schroot installation by running the
following after schroot-mount in 10mount:
sed -nre 's/([^ \t]*).*ro,bind.*/\1/ p' "$FSTAB" \
| while read ro_mountpoint; do
info "Remounting $ro_mountpoint read-only"
mount -o remount,ro "$CHROOT_MOUNT_LOCATION/$ro_mountpoint"
done
But it would be really nice if schroot-mount supported it.
SR
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_ZA.UTF-8, LC_CTYPE=en_ZA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages schroot depends on:
ii libboost-filesystem1.46.1 1.46.1-3 filesystem operations (portable pa
ii libboost-program-options1.46. 1.46.1-3 program options library for C++
ii libboost-regex1.46.1 1.46.1-3 regular expression library for C++
ii libboost-system1.46.1 1.46.1-3 Operating system (e.g. diagnostics
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.6.0-2 GCC support library
ii liblockdev1 1.0.3-1.4 Run-time shared library for lockin
ii libpam0g 1.1.2-2 Pluggable Authentication Modules l
ii libstdc++6 4.6.0-2 The GNU Standard C++ Library v3
ii libuuid1 2.17.2-9.1 Universally Unique ID library
ii schroot-common 1.4.21-1 common files for schroot
schroot recommends no packages.
Versions of packages schroot suggests:
pn aufs-modules | unionfs-m <none> (no description available)
ii btrfs-tools 0.19+20101101-1 Checksumming Copy on Write Filesys
ii debootstrap 1.0.29 Bootstrap a basic Debian system
pn lvm2 <none> (no description available)
ii unzip 6.0-4 De-archiver for .zip files
-- Configuration Files:
/etc/schroot/default/fstab changed:
/proc /proc none rw,rbind 0 0
/sys /sys none rw,rbind 0 0
/dev /dev none rw,rbind 0 0
/home /home none ro,bind 0 0
/home/stefanor/deb /home/stefanor/deb none rw,bind 0 0
/tmp /tmp none rw,bind 0 0
/etc/schroot/setup.d/10mount changed:
set -e
. "$SETUP_DATA_DIR/common-data"
. "$SETUP_DATA_DIR/common-functions"
if [ -f "$CHROOT_SCRIPT_CONFIG" ]; then
. "$CHROOT_SCRIPT_CONFIG"
elif [ "$STATUS" = "ok" ]; then
fatal "script-config file '$CHROOT_SCRIPT_CONFIG' does not exist"
fi
do_mount()
{
info "Mounting $2 on $3"
if [ ! -d "$3" ]; then
mkdir -p "$3"
fi
if [ ! -d "$3" ]; then
fatal "$3 does not exist, and could not be created"
fi
info "$MOUNT_VERBOSE $1 $2 $3"
mount $MOUNT_VERBOSE $1 "$2" "$3"
}
do_umount_all()
{
if [ -d "$1" ]; then
# Note that flock is used here to prevent races reading
# /proc/mounts, which on current (Linux 2.6.32) kernels is
# racy. If other processes are mounting or unmounting
# filesystems as we read it, we can miss mount entries due to
# the file changing as we read it. This needs fixing in the
# kernel, but an exclusive lock surrounding the
# schroot-listmounts invocation is a partial fix. This
# prevents racing when multiple schroot processes are running.
# Note that this does not prevent the problem when programs
# other than schroot mount and unmount filesystems (since they
# don't create the lock).
( flock 9
mounts="$("$LIBEXEC_DIR/schroot-listmounts" -m "$1")"
if [ "x$mounts" != 'x' ]; then
echo "$mounts" |
while read mountloc; do
info "Unmounting $mountloc"
umount "$mountloc" || exit 1
done || exit 1
fi
) 9>"/var/lock/schroot-umount"
else
warn "Mount location $1 no longer exists; skipping unmount"
fi
}
do_mount_fs_union()
{
# Prepare mount options (branch config) for union type
if [ -z "$CHROOT_UNION_MOUNT_OPTIONS" ]; then
case $CHROOT_UNION_TYPE in
unionfs)
CHROOT_UNION_MOUNT_OPTIONS="dirs=${CHROOT_UNION_OVERLAY_DIRECTORY}=rw,${CHROOT_UNION_UNDERLAY_DIRECTORY}=ro"
;;
aufs)
CHROOT_UNION_MOUNT_OPTIONS="br:${CHROOT_UNION_OVERLAY_DIRECTORY}:${CHROOT_UNION_UNDERLAY_DIRECTORY}=ro"
;;
esac
fi
info "Using '$CHROOT_UNION_TYPE' for filesystem union"
# Try mounting fs
mount -t "$CHROOT_UNION_TYPE" -o "$CHROOT_UNION_MOUNT_OPTIONS" "$CHROOT_NAME" "$1"
}
if [ "$VERBOSE" = "verbose" ]; then
MOUNT_VERBOSE="-v"
fi
if [ "$CHROOT_TYPE" = "directory" ] \
|| [ "$CHROOT_TYPE" = "file" ] \
|| [ "$CHROOT_TYPE" = "loopback" ] \
|| [ "$CHROOT_TYPE" = "block-device" ] \
|| [ "$CHROOT_TYPE" = "lvm-snapshot" ] \
|| [ "$CHROOT_TYPE" = "btrfs-snapshot" ]; then
if [ "${CHROOT_UNION_TYPE:-none}" != "none" ]; then
CREATE_UNION="yes"
else
CREATE_UNION="no"
fi
if [ $STAGE = "setup-start" ] || [ $STAGE = "setup-recover" ]; then
case "$HOST_OS" in
freebsd* | k*bsd*-gnu) :
BINDOPT="-t nullfs"
;;
*):
BINDOPT="--bind"
;;
esac
if [ "$CHROOT_TYPE" = "directory" ]; then
CHROOT_MOUNT_OPTIONS="$BINDOPT $CHROOT_MOUNT_OPTIONS"
CHROOT_MOUNT_DEVICE="$CHROOT_DIRECTORY"
if [ ! -d "$CHROOT_DIRECTORY" ]; then
fatal "Directory '$CHROOT_DIRECTORY' does not exist"
fi
elif [ "$CHROOT_TYPE" = "file" ]; then
CHROOT_MOUNT_OPTIONS="$BINDOPT $CHROOT_MOUNT_OPTIONS"
CHROOT_MOUNT_DEVICE="${CHROOT_FILE_UNPACK_DIR}/${SESSION_ID}"
elif [ "$CHROOT_TYPE" = "block-device" ]; then
if [ ! "$DEVTYPE" "$CHROOT_DEVICE" ]; then
fatal "Device '$CHROOT_DEVICE' does not exist"
fi
elif [ "$CHROOT_TYPE" = "btrfs-snapshot" ]; then
CHROOT_MOUNT_OPTIONS="$BINDOPT $CHROOT_MOUNT_OPTIONS"
CHROOT_MOUNT_DEVICE="$CHROOT_BTRFS_SNAPSHOT_NAME"
elif [ "$CHROOT_TYPE" = "loopback" ]; then
if [ ! -f "$CHROOT_FILE" ]; then
fatal "File '$CHROOT_FILE' does not exist"
fi
case "$HOST_OS" in
freebsd* | k*bsd*-gnu):
LOOP_DEVICE="/dev/$(/sbin/mdconfig -a -t vnode -f "$CHROOT_FILE")"
CHROOT_MOUNT_DEVICE="$LOOP_DEVICE"
;;
*):
LOOP_DEVICE="$(/sbin/losetup -j "$CHROOT_FILE" | sed -e 's/:.*$//')"
if [ -z "$LOOP_DEVICE" ]; then
CHROOT_MOUNT_DEVICE="$CHROOT_FILE"
CHROOT_MOUNT_OPTIONS="-o loop $CHROOT_MOUNT_OPTIONS"
else
CHROOT_MOUNT_DEVICE="$LOOP_DEVICE"
fi
;;
esac
fi
if [ ! -d "$CHROOT_MOUNT_LOCATION" ]; then
mkdir -p "$CHROOT_MOUNT_LOCATION"
fi
if [ ! -d "$CHROOT_MOUNT_LOCATION" ]; then
fatal "$CHROOT_MOUNT_LOCATION does not exist, and could not be created"
fi
# If recovering, we want to remount all filesystems to ensure
# a sane state.
if [ $STAGE = "setup-recover" ]; then
if [ "$CREATE_UNION" = "yes" ]; then
do_umount_all "$CHROOT_UNION_UNDERLAY_DIRECTORY"
fi
do_umount_all "$CHROOT_MOUNT_LOCATION"
fi
if [ "$CREATE_UNION" = "yes" ]; then
do_mount "$CHROOT_MOUNT_OPTIONS" "$CHROOT_MOUNT_DEVICE" "$CHROOT_UNION_UNDERLAY_DIRECTORY"
do_mount_fs_union "$CHROOT_MOUNT_LOCATION"
else
do_mount "$CHROOT_MOUNT_OPTIONS" "$CHROOT_MOUNT_DEVICE" "$CHROOT_MOUNT_LOCATION"
fi
if [ -n "$FSTAB" ]; then
if [ -f "$FSTAB" ]; then
"$LIBEXEC_DIR/schroot-mount" $MOUNT_VERBOSE \
-f "$FSTAB" -m "$CHROOT_PATH"
sed -nre 's/([^ \t]*).*ro,bind.*/\1/ p' "$FSTAB" \
| while read ro_mountpoint; do
info "Remounting $ro_mountpoint read-only"
mount -o remount,ro "$CHROOT_MOUNT_LOCATION/$ro_mountpoint"
done
else
fatal "fstab file '$FSTAB' does not exist"
fi
fi
elif [ $STAGE = "setup-stop" ]; then
do_umount_all "$CHROOT_MOUNT_LOCATION"
if [ "$CREATE_UNION" = "yes" ]; then
do_umount_all "$CHROOT_UNION_UNDERLAY_DIRECTORY"
fi
# Purge mount location.
# The contents of file chroots are purged separately, because
# we might want to repack the contents.
if echo "$CHROOT_MOUNT_LOCATION" | grep -q "^$MOUNT_DIR/"; then
if [ -d "$CHROOT_MOUNT_LOCATION" ]; then
rmdir "$CHROOT_MOUNT_LOCATION"
fi
fi
fi
fi
-- no debconf information
More information about the Buildd-tools-devel
mailing list