sandboxlib.linux_user_chroot: Allow manually specified read-only mounts

You can't create a bind-mount as read-only,
you can only bind-mount then remount it as read-only.

So a sandboxlib user might opt to say it wants to bind something in,
then make it read-only, as two separate extra mounts.

We can't do this directly with linux-user-chroot,
as we are restricted to bind-mounts and making a subtree read-only,
but making a subtree read-only is close enough.

1 files changed, 8 insertions, 0 deletions

diff --git a/sandboxlib/linux_user_chroot.py b/sandboxlib/linux_user_chroot.py
index 943bde5..979d5d5 100644
--- a/sandboxlib/linux_user_chroot.py
+++ b/sandboxlib/linux_user_chroot.py
@@ -100,6 +100,14 @@ def args_for_mount(mount_source, mount_target, mount_type, mount_options,
                 mount_type)
         else:
             args = ['--mount-bind', mount_source, mount_target]
+    elif mount_options and all(opt in mount_options.split(",")
+                               for opt in ("remount", "ro")):
+        if not is_none(mount_type):
+            raise AssertionError(
+                "Type cannot be specified for 'remount,ro' mounts. Got '%s'" %
+                mount_type)
+        else:
+            args = ['--mount-readonly', mount_target]
     else:
         raise AssertionError(
             "Unsupported mount type '%s' for linux-user-chroot backend." %