The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/3476
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Added remount of binded mounts with readonly mode if flag "readonly" is "true". Signed-off-by: Denis Pynkin <denis.pyn...@collabora.com>
From f8f723da1e616d4884452f58a964935218486e27 Mon Sep 17 00:00:00 2001 From: Denis Pynkin <denis.pyn...@collabora.com> Date: Sat, 1 Jul 2017 20:32:06 +0300 Subject: [PATCH] Fix readonly mode for directory mount Added remount of binded mounts with readonly mode if flag "readonly" is "true". Signed-off-by: Denis Pynkin <denis.pyn...@collabora.com> --- lxd/devices.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lxd/devices.go b/lxd/devices.go index b15eedef3..7d65bfa1b 100644 --- a/lxd/devices.go +++ b/lxd/devices.go @@ -909,6 +909,14 @@ func deviceMountDisk(srcPath string, dstPath string, readonly bool, recursive bo return fmt.Errorf("Unable to mount %s at %s: %s", srcPath, dstPath, err) } + // Remount bind mounts in readonly mode if requested + if readonly == true && flags&syscall.MS_BIND == syscall.MS_BIND { + flags = syscall.MS_RDONLY | syscall.MS_BIND | syscall.MS_REMOUNT + if err = syscall.Mount("", dstPath, fstype, uintptr(flags), ""); err != nil { + return fmt.Errorf("Unable to mount %s in readonly mode: %s", dstPath, err) + } + } + flags = syscall.MS_REC | syscall.MS_SLAVE if err = syscall.Mount("", dstPath, "", uintptr(flags), ""); err != nil { return fmt.Errorf("unable to make mount %s private: %s", dstPath, err)
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel