From 896f937f58f42284dbebcd0a7f5ddc87fd5517b7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 29 Sep 2017 14:19:22 +0200 Subject: [PATCH] dissect: automatically mark partitions read-only that have a read-only file system Specifically, squashfs and iso9660 are always read-only, hence make sure we never even think about mounting them writable. --- src/basic/mount-util.c | 13 +++++++++++++ src/basic/mount-util.h | 1 + src/shared/dissect-image.c | 3 +++ 3 files changed, 17 insertions(+) diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c index cff44116c88..843d266a2f5 100644 --- a/src/basic/mount-util.c +++ b/src/basic/mount-util.c @@ -578,6 +578,19 @@ bool fstype_is_api_vfs(const char *fstype) { return nulstr_contains(table, fstype); } +bool fstype_is_ro(const char *fstype) { + + /* All Linux file systems that are necessarily read-only */ + + static const char table[] = + "DM_verity_hash\0" + "iso9660\0" + "squashfs\0" + ; + + return nulstr_contains(table, fstype); +} + int repeat_unmount(const char *path, int flags) { bool done = false; diff --git a/src/basic/mount-util.h b/src/basic/mount-util.h index 70af11c2ff0..3ec0e7d1f83 100644 --- a/src/basic/mount-util.h +++ b/src/basic/mount-util.h @@ -45,6 +45,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, endmntent); bool fstype_is_network(const char *fstype); bool fstype_is_api_vfs(const char *fstype); +bool fstype_is_ro(const char *fsype); union file_handle_union { struct file_handle handle; diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index f11b5225582..b02b2897d3e 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -591,6 +591,9 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI if (streq_ptr(p->fstype, "crypto_LUKS")) m->encrypted = true; + + if (p->fstype && fstype_is_ro(p->fstype)) + p->rw = false; } *ret = m; -- 2.47.3