From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 13 Jun 2024 18:30:31 +0000 (+0200)
Subject: Add nosuid,noexec and nodev where appropriate when remounting
X-Git-Tag: v24~99
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5db9ea8d9049fd1df58acbddcfa60b606df7ce68;p=thirdparty%2Fmkosi.git

Add nosuid,noexec and nodev where appropriate when remounting

If not we get permission errors if the host mount uses nosuid,noexec
or nodev.

Fixes #2776
---

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 0405f56c3..7c081113d 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -4609,7 +4609,8 @@ def run_build(args: Args, config: Config, *, resources: Path) -> None:
 
     for d in remount:
         if Path(d).exists():
-            run(["mount", "--rbind", d, d, "--options", "ro"])
+            options = "ro" if d in ("/usr", "/opt") else "ro,nosuid,nodev,noexec"
+            run(["mount", "--rbind", d, d, "--options", options])
 
     with (
         complete_step(f"Building {config.name()} image"),