git.ipfire.org Git - thirdparty/libvirt.git/commit
Ensure root filesystem is recursively mounted readonly
author Daniel P. Berrange <berrange@redhat.com>
Mon, 9 Sep 2013 15:17:19 +0000 (16:17 +0100)
committer Daniel P. Berrange <berrange@redhat.com>
Thu, 12 Sep 2013 11:01:49 +0000 (12:01 +0100)
commit 75235a52bc58df5ed714ff8f937220cef9ddfe26
tree 2d18f366b6f08c43e4983393395550ebee532452
parent f27f5f7eddf531159d791a2b5ac438ca011b5f26

If the guest is configured with

    <filesystem type='mount'>
      <source dir='/'/>
      <target dir='/'/>
      <readonly/>
    </filesystem>

Then any submounts under / should also end up readonly, except
for those set up as basic mounts. E.g. if the user has /home on a
separate volume, they'd expect /home to be readonly, but we
should not touch the /sys, /proc, etc dirs we set up ourselves.

Users can selectively make sub-mounts read-write again by
simply listing them as new mounts without the <readonly>
flag set:

    <filesystem type='mount'>
      <source dir='/home'/>
      <target dir='/home'/>
    </filesystem>

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
src/lxc/lxc_container.c
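
A check one could run inside such a container to confirm the behaviour the commit message describes: it scans text in `/proc/self/mountinfo` format and reports every mount that is still writable although it is neither a basic mount nor re-listed as read-write. This is an added example, not code from this commit or from libvirt; the function names, the `/dev` entry in the basic-mount list and the sample mount table are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the commit names only /sys and /proc ("etc"); /dev is a guess. */
static const char *const BASIC[] = { "/proc", "/sys", "/dev", NULL };

/* Constructed sample in /proc/self/mountinfo format (not captured output). */
static const char SAMPLE[] =
    "60 50 8:1 / / ro,relatime - ext4 /dev/sda1 rw\n"
    "61 60 8:2 / /home rw,relatime - ext4 /dev/sda2 rw\n"
    "62 60 0:4 / /proc rw,nosuid - proc proc rw\n"
    "63 60 8:3 / /srv/data rw,relatime - ext4 /dev/sda3 rw\n";

/* True if path is one of the NULL-terminated prefixes or lies beneath one. */
static int listed(const char *path, const char *const *list)
{
    for (; list && *list; list++) {
        size_t n = strlen(*list);
        if (!strncmp(path, *list, n) && (path[n] == '\0' || path[n] == '/'))
            return 1;
    }
    return 0;
}

/* The kernel prints "ro" or "rw" as the first per-mount option. */
static int is_ro(const char *o) { return !strncmp(o, "ro", 2) && (o[2] == ',' || !o[2]); }

/* Prints each writable mount that is neither basic nor listed in rw_ok and
 * returns the count. Fields: id parent maj:min root MOUNTPOINT OPTIONS ... */
int audit_mountinfo(const char *text, const char *const *rw_ok)
{
    char mp[256], opts[256];
    int bad = 0;
    for (const char *l = text; l && *l; l = strchr(l, '\n'), l = l ? l + 1 : NULL) {
        if (sscanf(l, "%*d %*d %*s %*s %255s %255s", mp, opts) == 2 &&
            !is_ro(opts) && !listed(mp, BASIC) && !listed(mp, rw_ok)) {
            printf("still writable: %s (%s)\n", mp, opts);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    const char *rw_ok[] = { "/home", NULL }; /* re-listed without <readonly/> */
    return audit_mountinfo(SAMPLE, rw_ok) ? 1 : 0;
}
```

On the sample, `/srv/data` is reported: it is a submount of a readonly root that stayed writable without being re-listed. The check reads only the per-mount flag (field 6), not the superblock options at the end of the line.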