[buildd-tools-devel] Bug#623913: Bug#623913: schroot: Please support read-only bind-mounts
Roger Leigh
rleigh at codelibre.net
Sun Feb 23 20:08:59 UTC 2014
On Sat, Feb 22, 2014 at 11:42:11AM +0100, Ralf Jung wrote:
> this would indeed be a great feature. It would also be interesting to be
> able to make the chroot "root" mount (which is not controlled by the
> fstab file) read-only.

I recall that there's a reason why "ro,bind" doesn't work directly--you
have to do two bind mounts to get it properly read-only. Is that
correct? What's the recommended sequence to make this work properly?
If we see "ro" and "bind" in the mount options, we can probably
special-case it; but if it's doable directly in the fstab file, that
would be even better. Can you do it with two entries?

> Furthermore, there are additional interesting
> flags that can be set for bind mounts, but only with a remount - think
> of nosuid, noexec.

Definitely. If we can do this as for ro, that sounds like a good idea.

WRT the "root" mount, this will vary depending upon the chroot type.
For example, we have mount options for LVM-snapshot and block-device
type chroots already. We don't for btrfs, but we could potentially
remount the subvolume. Other non-mountable types might be unpacked
directly on /var, in which case we would have to do a bind mount on
top of the mount trickery?

Regards,
Roger

--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools
`- GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
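
The special-casing of "ro" and "bind" discussed in the message, as an added example that is not part of the original message and is not schroot's code: at the mount(2) level the initial bind call ignores flags such as ro, nosuid and noexec, so they are set by a second `remount,bind` call on the new mount point. The helper name `plan_bind_mounts`, the chroot prefix and the sample fstab entries are assumptions made for illustration; the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: plan the mount commands for fstab-style entries so that
# ro/nosuid/nodev/noexec on a bind mount are applied by a second remount.
# Only prints commands; nothing is mounted. All paths are constructed.

# Usage: plan_bind_mounts CHROOT_PREFIX < fstab   (hypothetical helper)
plan_bind_mounts() {
    prefix=$1
    while read -r src dst fstype opts _rest; do
        case $src in ''|'#'*) continue ;; esac   # skip blanks and comments
        bind=
        restrict=
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                bind)  bind=--bind ;;
                rbind) bind=--rbind ;;
                ro|nosuid|nodev|noexec) restrict="$restrict,$o" ;;
            esac
        done
        IFS=$old_ifs
        target=$prefix$dst
        if [ -z "$bind" ]; then
            # Ordinary filesystem: options take effect in a single call.
            printf 'mount -t %s -o %s %s %s\n' "$fstype" "$opts" "$src" "$target"
            continue
        fi
        # Step 1: the bind itself; restricting flags are not applied here.
        printf 'mount %s %s %s\n' "$bind" "$src" "$target"
        # Step 2: remount the new mount point to set the per-mount flags.
        # With rbind this changes only the top-level mount, not submounts.
        if [ -n "$restrict" ]; then
            printf 'mount -o remount,bind%s %s\n' "$restrict" "$target"
        fi
    done
}

# Constructed sample input in fstab format.
sample_fstab() {
    cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
/proc      /proc      proc   defaults          0 0
/home      /home      none   rw,bind           0 0
/srv/data  /srv/data  none   ro,bind,nosuid    0 0
EOF
}

sample_fstab | plan_bind_mounts /srv/chroot/demo
```

After applying such a plan, the effective per-mount flags can be checked in `/proc/self/mountinfo` for the target path.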