From 6ee1e23d405a7b37b58ca8b3a4aa6167773d137c Mon Sep 17 00:00:00 2001
From: Olivier Blin
Date: Tue, 2 Nov 2010 20:51:13 +0000
Subject: add iurt_root_command --bindmount, defaulting to read-only in most cases
---
 iurt_root_command | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'iurt_root_command')
diff --git a/iurt_root_command b/iurt_root_command
index d9d20fa..90233a5 100755
--- a/iurt_root_command
+++ b/iurt_root_command
@@ -35,6 +35,7 @@ my (@params, %run);
 $run{program_name} = $program_name;
 my %authorized_modules = ('unionfs' => 1);
+my %authorized_rw_bindmounts = ( map { $_ => 1 } qw(/proc /dev/pts /var/cache/icecream) );
 my $sudo = '/usr/bin/sudo';
 $run{todo} = [];
@@ -135,6 +136,9 @@ $run{todo} = [];
 ], " [files]",
 "Uncompress tarball",
 \&untar, "Uncompress tarball" ],
+ [ "", "bindmount", 2, " ",
+ "bind mount source on dest",
+ \&bindmount, "Bind mounting" ],
 [ "", "umount", 1, "]",
 "umount the given directory",
 \&umount, "Unmounting" ],
@@ -359,6 +363,16 @@ sub untar {
 return !system('tar', 'xf', $file, '-C', $dir, @o_files);
 }
+sub bindmount {
+ my ($_run, $source, $dest) = @_;
+ check_path_authorized($dest) or return;
+ system("mount", "--bind", $source, $dest) == 0 or return;
+ if (!$authorized_rw_bindmounts{$source}) {
+ system("mount", "-o", "remount,ro", $dest) == 0 or return;
+ }
+ return 1;
+}
+
 sub umount {
 my ($_run, $dir) = @_;
 check_path_authorized($dir) or return;
-- 
cgit v1.2.1
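Review bot: `%authorized_rw_bindmounts` carries the whole read-only versus read-write decision but has no comment saying so, and it is looked up with the raw `$source` argument rather than a canonical path. A different spelling of an allowed path (a trailing slash, for example) would miss the hash and fall through to the read-only remount, which fails safe; that property is worth stating so it is not loosened later by accident. I would add above the declaration: `# Bind-mount sources allowed to stay writable; matched by exact string, anything else is remounted read-only.` Judging from the `bindmount` body added further down in this patch, only `$dest` goes through `check_path_authorized`, so if `$source` is meant to be restricted as well, that list belongs next to this one.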
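Review bot: In `bindmount`, a failed `remount,ro` returns false but leaves the bind mount in place and still writable, so the error path ends in the least restrictive state; the function should unmount `$dest` before returning in that case. The remount is also issued without the `bind` option: per mount(8), a plain `remount,ro` acts on the underlying filesystem rather than on this mount point alone, so it may fail as busy or make the source filesystem read-only for everyone using it — worth confirming on the kernel and util-linux versions in use. The mount is writable between the two `mount` calls, which deserves a one-line comment. The replacement for the `if` block is below.

```perl
    if (!$authorized_rw_bindmounts{$source}) {
        # "bind" limits the read-only flag to this mount point
        if (system("mount", "-o", "remount,bind,ro", $dest) != 0) {
            # do not leave a writable bind mount behind on failure
            system("umount", $dest);
            return;
        }
    }
```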