authorVáclav Pavlín <vpavlin@redhat.com>2013-09-03 17:36:39 +0200
committerVáclav Pavlín <vpavlin@redhat.com>2013-09-12 15:29:39 +0200
commit45696ec2f7324de1331d79518a5ee8dd80f3bc0e (patch)
tree7ab6bb514f24c483724b90c066af528b3809437e
parent8f5a82934f801ec94847fc899d235a39df9967a7 (diff)
readonly-root: bind-mount only necessary subset of entries in rwtab
-rwxr-xr-xsystemd/fedora-readonly45
1 files changed, 32 insertions, 13 deletions
diff --git a/systemd/fedora-readonly b/systemd/fedora-readonly
index 66634e24..bc2b2bcb 100755
--- a/systemd/fedora-readonly
+++ b/systemd/fedora-readonly
@@ -38,27 +38,32 @@ if strstr "$cmdline" noreadonlyroot ; then
READONLY=no
fi
+MOUNTS=()
if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then
- mount_empty() {
- if [ -e "$1" ]; then
+ add_mount() {
+ MOUNTS=("${MOUNTS[@]}" "$1")
+ }
+
+ cp_empty() {
+ if [ -e "$1" ]; then
echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
- mount -n --bind "$RW_MOUNT$1" "$1"
+ add_mount $1
fi
- }
+ }
- mount_dirs() {
+ cp_dirs() {
if [ -e "$1" ]; then
mkdir -p "$RW_MOUNT$1"
find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
- mount -n --bind "$RW_MOUNT$1" "$1"
+ add_mount $1
fi
}
- mount_files() {
+ cp_files() {
if [ -e "$1" ]; then
cp -a --parents "$1" "$RW_MOUNT"
- mount -n --bind "$RW_MOUNT$1" "$1"
+ add_mount $1
fi
}
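Review bot: `add_mount $1` is unquoted in cp_empty, cp_dirs and cp_files, while every other use of `$1` in these helpers is quoted. A path containing whitespace or glob characters is therefore copied under one name but recorded in MOUNTS under a split or expanded one, so the later bind-mount loop can act on a different set of paths than the one that was prepared under `$RW_MOUNT`. The calls should read `add_mount "$1"`, and the append inside add_mount can be written `MOUNTS+=("$1")`. The path is also recorded whether or not the preceding cpio/cp succeeded, which deserves a short comment on add_mount, for example `# records the path even if the copy failed; the failure only shows up at mount time`.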
@@ -83,24 +88,38 @@ if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then
for file in /etc/rwtab /etc/rwtab.d/* /run/initramfs/rwtab ; do
is_ignored_file "$file" && continue
- [ -f $file ] && cat $file | while read type path ; do
+ [ -f $file ] && while read type path ; do
case "$type" in
empty)
- mount_empty $path
+ cp_empty $path
;;
files)
- mount_files $path
+ cp_files $path
;;
dirs)
- mount_dirs $path
+ cp_dirs $path
;;
*)
;;
esac
selinux_fixup "$path"
- done
+ done < <(cat $file)
done
+ for m in "${MOUNTS[@]}"; do
+ prefix=0
+ for mount_point in "${MOUNTS[@]}"; do
+ [[ $m = $mount_point ]] && continue
+ if [[ $m =~ ^$mount_point.* ]] ; then
+ prefix=1
+ break
+ fi
+ done
+ [[ $prefix -eq 1 ]] && continue
+
+ mount -n --bind "$RW_MOUNT$m" "$m"
+ done
+
# Use any state passed by initramfs
[ -d /run/initramfs/state ] && cp -a /run/initramfs/state/* $RW_MOUNT
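Review bot: The covering test `[[ $m =~ ^$mount_point.* ]]` in the new mount loop is a plain string-prefix match, not a path-component check. With a constructed pair such as `/var/lib` and `/var/lib64`, the second entry is treated as already covered by the first and never gets its bind mount, so it stays on the read-only root even though its copy exists under `$RW_MOUNT`. Because `$mount_point` is unquoted on the right of `=~`, characters such as `.` or `+` in a path are also read as regex operators. Matching on a directory boundary avoids both problems: `if [[ $m == "$mount_point"/* ]] ; then`. The enclosing `if [ "$READONLY" = "yes" ... ]` block starts and ends outside this hunk.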