From: Daan De Meyer
Date: Mon, 11 Mar 2024 22:39:08 +0000 (+0100)
Subject: Don't remount /usr read-only if the output dir is inside of it
X-Git-Tag: v22~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43aaa3e6e757bbc9a14dd4736c4957d78b479c51;p=thirdparty%2Fmkosi.git
Don't remount /usr read-only if the output dir is inside of it
Because some build systems use output directories in /usr, let's only remount /usr read-only if the output directory is not relative to it.
---
diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 4c35cbe35..20da37510 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -3975,7 +3975,13 @@ def run_build(args: Args, config: Config, *, resources: Path) -> None:
 run(["mount", "--make-rslave", "/"])
 # For extra safety when running as root, remount a bunch of stuff read-only.
- for d in ("/usr", "/etc", "/opt", "/boot", "/efi", "/media"):
+ # Because some build systems use output directories in /usr, we only remount
+ # /usr read-only if the output directory is not relative to it.
+ remount = ["/etc", "/opt", "/boot", "/efi", "/media"]
+ if not config.output_dir_or_cwd().is_relative_to("/usr"):
+ remount += ["/usr"]
+
+ for d in remount:
 if Path(d).exists():
 run(["mount", "--rbind", d, d, "--options", "ro"])
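Review bot: When the output directory is under /usr, the new `if not config.output_dir_or_cwd().is_relative_to("/usr")` guard leaves the whole /usr tree writable for a root build, and nothing records that this hardening was skipped. `is_relative_to` is also a purely lexical comparison, so unless `output_dir_or_cwd()` already returns a resolved path (not visible in this hunk), a symlinked or `..`-containing output path can be classified on the wrong side; resolving first, e.g. `if not config.output_dir_or_cwd().resolve().is_relative_to("/usr"):`, would make the decision match the real location. I would also log a message in the skipped case so that the reduced protection is visible in the build output, and say in the comment that output directories under `/etc` or `/opt` are still remounted read-only. The body of `run_build` starts and ends outside the hunk.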