From: Tycho Andersen Date: Tue, 24 Mar 2020 16:16:50 +0000 (-0600) Subject: conf: fix read-only bind mounts X-Git-Tag: lxc-4.0.0~3^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94bef7e4b4ee4b8b05bc4ba52b536fdc8d099c2c;p=thirdparty%2Flxc.git conf: fix read-only bind mounts Here we would always set MS_RDONLY in required_flags if it was set in mountflags, so the expression: !(required_flags & ~mountflags) would always be true, and we would always skip the remount. Instead, let's treat readonly as special: always do the remount if MS_RDONLY is present. Unfortunately it doesn't seem to show up in sb.f_flag, so we can't use the same path as everything else. This only inadvertently worked before because of a bug fixed in f75917858023 ("conf: don't accidently double-mount"). Signed-off-by: Tycho Andersen --- diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 2de772511..0c36737c6 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1847,15 +1847,14 @@ static int mount_entry(const char *fsname, const char *target, } if ((mountflags & MS_REMOUNT) || (mountflags & MS_BIND)) { - unsigned long required_flags = 0; DEBUG("Remounting \"%s\" on \"%s\" to respect bind or remount options", srcpath ? srcpath : "(none)", target ? target : "(none)"); - if (mountflags & MS_RDONLY) - required_flags |= MS_RDONLY; #ifdef HAVE_STATVFS if (srcpath && statvfs(srcpath, &sb) == 0) { + unsigned long required_flags = 0; + if (sb.f_flag & MS_NOSUID) required_flags |= MS_NOSUID; @@ -1875,7 +1874,8 @@ static int mount_entry(const char *fsname, const char *target, * does not have any flags which are not already in * mountflags, then skip the remount. */ - if (!(mountflags & MS_REMOUNT) && !(required_flags & ~mountflags)) { + if (!(mountflags & MS_REMOUNT) && + (!(required_flags & ~mountflags) && !(mountflags & MS_RDONLY))) { DEBUG("Mountflags already were %lu, skipping remount", mountflags); goto skipremount; }