sandbox: Turn mount_rbind() into mount_bind()

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index ca24e703bb35aa26ae24f037e9331465aff89cdf..4183122445fe15a92c100911fefd729ac6f8d710 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -143,7 +143,7 @@ from mkosi.sandbox import (
     have_effective_cap,
     join_new_session_keyring,
     mount,
-    mount_rbind,
+    mount_bind,
     umask,
     unshare,
     userns_has_single_user,
@@ -4957,7 +4957,7 @@ def run_build(
             if d in ("/boot", "/efi"):
                 attrs |= MOUNT_ATTR_NOSUID | MOUNT_ATTR_NODEV | MOUNT_ATTR_NOEXEC
 
-            mount_rbind(d, d, attrs)
+            mount_bind(d, d, attrs, recursive=True)
 
     with (
         complete_step(f"Building {config.image} image"),

diff --git a/mkosi/sandbox.py b/mkosi/sandbox.py
index c2a34e66c873d4b4fc56c7b2d118d8e98c8c22c7..ed320bb8579cb187b26f9127e0ee727e311f66e9 100755 (executable)
--- a/mkosi/sandbox.py
+++ b/mkosi/sandbox.py
@@ -519,17 +519,17 @@ def move_mount(from_dirfd: int, from_path: str, to_dirfd: int, to_path: str, fla
         oserror("move_mount", to_path)
 
 
-def mount_rbind(src: str, dst: str, attrs: int = 0) -> None:
+def mount_bind(src: str, dst: str, attrs: int = 0, recursive: bool = False) -> None:
     """
     When using the old mount syscall to do a recursive bind mount, mount options are not
     applied recursively. Because we want to do recursive read-only bind mounts in some cases, we
     use the new mount API for that which does allow recursively changing mount options when doing
     bind mounts.
     """
-    flags = AT_NO_AUTOMOUNT | AT_RECURSIVE | AT_SYMLINK_NOFOLLOW | OPEN_TREE_CLONE
+    flags = AT_NO_AUTOMOUNT | (AT_RECURSIVE if recursive else 0) | AT_SYMLINK_NOFOLLOW | OPEN_TREE_CLONE
 
     with close(open_tree(AT_FDCWD, src, flags)) as fd:
-        mount_setattr(fd, "", AT_EMPTY_PATH | AT_RECURSIVE, mount_attr(attr_set=attrs))
+        mount_setattr(fd, "", AT_EMPTY_PATH | (AT_RECURSIVE if recursive else 0), mount_attr(attr_set=attrs))
         move_mount(fd, "", AT_FDCWD, dst, MOVE_MOUNT_F_EMPTY_PATH)
 
 
@@ -837,7 +837,7 @@ class BindOperation(FSOperation):
         # resolving it.
         dst = joinpath(newroot, self.dst)
         if not os.path.isdir(src) and os.path.islink(dst):
-            return mount_rbind(src, dst, attrs=MOUNT_ATTR_RDONLY if self.readonly else 0)
+            return mount_bind(src, dst, attrs=MOUNT_ATTR_RDONLY if self.readonly else 0, recursive=True)
 
         dst = chase(newroot, self.dst)
         if not os.path.exists(dst):
@@ -852,7 +852,7 @@ class BindOperation(FSOperation):
                 else:
                     os.mkdir(dst)
 
-        mount_rbind(src, dst, attrs=MOUNT_ATTR_RDONLY if self.readonly else 0)
+        mount_bind(src, dst, attrs=MOUNT_ATTR_RDONLY if self.readonly else 0, recursive=True)
 
 
 class DevOperation(FSOperation):
@@ -942,7 +942,7 @@ class SymlinkOperation(FSOperation):
         # If the target already exists and is not a directory, create the symlink somewhere else and mount
         # it over the existing file or symlink.
         os.symlink(self.src, "/symlink")
-        mount_rbind("/symlink", dst)
+        mount_bind("/symlink", dst)
         os.unlink("/symlink")