diff options
author | Richard Maw <richard.maw@gmail.com> | 2015-11-21 18:39:12 +0000 |
---|---|---|
committer | Richard Maw <richard.maw@gmail.com> | 2015-11-21 21:14:21 +0000 |
commit | 07d016785495c3cf53a6008ea13326831b395121 (patch) | |
tree | dba8ba41fb7da28c3536f7a0fda33e4e9b45d5b8 | |
parent | a658ede1ed5b37700f9470b5e78cbf4f184489bb (diff) | |
download | sandboxlib-07d016785495c3cf53a6008ea13326831b395121.tar.gz |
sandboxlib.linux_user_chroot: Allow manually specified read-only mounts
You can't create a bind-mount as read-only,
you can only bind-mount then remount it as read-only.
So a sandboxlib user might opt to say it wants to bind something in,
then make it read-only, as two separate extra mounts.
We can't do this directly with linux-user-chroot,
as we are restricted to bind-mounts and making a subtree read-only,
but making a subtree read-only is close enough.
-rw-r--r-- | sandboxlib/linux_user_chroot.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/sandboxlib/linux_user_chroot.py b/sandboxlib/linux_user_chroot.py index 943bde5..979d5d5 100644 --- a/sandboxlib/linux_user_chroot.py +++ b/sandboxlib/linux_user_chroot.py @@ -100,6 +100,14 @@ def args_for_mount(mount_source, mount_target, mount_type, mount_options, mount_type) else: args = ['--mount-bind', mount_source, mount_target] + elif mount_options and all(opt in mount_options.split(",") + for opt in ("remount", "ro")): + if not is_none(mount_type): + raise AssertionError( + "Type cannot be specified for 'remount,ro' mounts. Got '%s'" % + mount_type) + else: + args = ['--mount-readonly', mount_target] else: raise AssertionError( "Unsupported mount type '%s' for linux-user-chroot backend." % |