Only remount various directories if invoked as root

If we weren't invoked as root we aren't allowed to write to any of
these anyway so no need to remount them read-only.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 81b9f26a40d256ebd79fbf91720bc859132aa15c..5b3cf2cf09b0040d766d9a0b72e27c822387853f 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -4724,14 +4724,15 @@ def run_build(args: Args, config: Config, *, resources: Path, package_dir: Optio
     # For extra safety when running as root, remount a bunch of stuff read-only.
     # Because some build systems use output directories in /usr, we only remount
     # /usr read-only if the output directory is not relative to it.
-    remount = ["/etc", "/opt", "/boot", "/efi", "/media"]
-    if not config.output_dir_or_cwd().is_relative_to("/usr"):
-        remount += ["/usr"]
-
-    for d in remount:
-        if Path(d).exists():
-            options = "ro" if d in ("/usr", "/opt") else "ro,nosuid,nodev,noexec"
-            run(["mount", "--rbind", d, d, "--options", options])
+    if INVOKING_USER.invoked_as_root:
+        remount = ["/etc", "/opt", "/boot", "/efi", "/media"]
+        if not config.output_dir_or_cwd().is_relative_to("/usr"):
+            remount += ["/usr"]
+
+        for d in remount:
+            if Path(d).exists():
+                options = "ro" if d in ("/usr", "/opt") else "ro,nosuid,nodev,noexec"
+                run(["mount", "--rbind", d, d, "--options", options])
 
     with (
         complete_step(f"Building {config.name()} image"),