dissect: automatically mark partitions read-only that have a read-only file system

Specifically, squashfs and iso9660 are always read-only, hence make sure
we never even think about mounting them writable.

diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index cff44116c884aca2aadc144a91f534f4cc84176e..843d266a2f5604bd48defd03e087f4f1c0197121 100644 (file)
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -578,6 +578,19 @@ bool fstype_is_api_vfs(const char *fstype) {
         return nulstr_contains(table, fstype);
 }
 
+bool fstype_is_ro(const char *fstype) {
+
+        /* All Linux file systems that are necessarily read-only */
+
+        static const char table[] =
+                "DM_verity_hash\0"
+                "iso9660\0"
+                "squashfs\0"
+                ;
+
+        return nulstr_contains(table, fstype);
+}
+
 int repeat_unmount(const char *path, int flags) {
         bool done = false;
 

diff --git a/src/basic/mount-util.h b/src/basic/mount-util.h
index 70af11c2ff0a86da93f66ccade8bf60aefca5e70..3ec0e7d1f83fa708903657b5d57a90dcdae97a59 100644 (file)
--- a/src/basic/mount-util.h
+++ b/src/basic/mount-util.h
@@ -45,6 +45,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, endmntent);
 
 bool fstype_is_network(const char *fstype);
 bool fstype_is_api_vfs(const char *fstype);
+bool fstype_is_ro(const char *fsype);
 
 union file_handle_union {
         struct file_handle handle;

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index f11b52255820df24a4af9eda11f17d7117ebef17..b02b2897d3e71faf455a3068cad7927bfafcb7b8 100644 (file)
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -591,6 +591,9 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
 
                 if (streq_ptr(p->fstype, "crypto_LUKS"))
                         m->encrypted = true;
+
+                if (p->fstype && fstype_is_ro(p->fstype))
+                        p->rw = false;
         }
 
         *ret = m;