author | Václav Pavlín <vpavlin@redhat.com> | 2013-09-03 17:36:39 +0200 |
---|---|---|
committer | Václav Pavlín <vpavlin@redhat.com> | 2013-09-12 15:32:25 +0200 |
commit | e969b90c1a1d3c049b6757ebb0f1d86801f3e4c9 (patch) | |
tree | 64a9a5a51381b7fbaa1d8fd892f739324d73c8ac /systemd | |
parent | a6b9d19b819884bfaf28070b0ed9c2fe3bb6a1bc (diff) | |
readonly-root: bind-mount only necessary subset of entries in rwtab
Diffstat (limited to 'systemd')
-rwxr-xr-x | systemd/rhel-readonly | 45 |
1 files changed, 32 insertions, 13 deletions
diff --git a/systemd/rhel-readonly b/systemd/rhel-readonly
index 66634e24..bc2b2bcb 100755
--- a/systemd/rhel-readonly
+++ b/systemd/rhel-readonly
@@ -38,27 +38,32 @@ if strstr "$cmdline" noreadonlyroot ; then
 READONLY=no
 fi
+MOUNTS=()
 if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then
- mount_empty() {
- if [ -e "$1" ]; then
+ add_mount() {
+ MOUNTS=("${MOUNTS[@]}" "$1")
+ }
+
+ cp_empty() {
+ if [ -e "$1" ]; then
 echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
- mount -n --bind "$RW_MOUNT$1" "$1"
+ add_mount $1
 fi
- }
+ }
- mount_dirs() {
+ cp_dirs() {
 if [ -e "$1" ]; then
 mkdir -p "$RW_MOUNT$1"
 find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
- mount -n --bind "$RW_MOUNT$1" "$1"
+ add_mount $1
 fi
 }
- mount_files() {
+ cp_files() {
 if [ -e "$1" ]; then
 cp -a --parents "$1" "$RW_MOUNT"
- mount -n --bind "$RW_MOUNT$1" "$1"
+ add_mount $1
 fi
 }
@@ -83,24 +88,38 @@ if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then
 for file in /etc/rwtab /etc/rwtab.d/* /run/initramfs/rwtab ; do
 is_ignored_file "$file" && continue
- [ -f $file ] && cat $file | while read type path ; do
+ [ -f $file ] && while read type path ; do
 case "$type" in
 empty)
- mount_empty $path
+ cp_empty $path
 ;;
 files)
- mount_files $path
+ cp_files $path
 ;;
 dirs)
- mount_dirs $path
+ cp_dirs $path
 ;;
 *)
 ;;
 esac
 selinux_fixup "$path"
- done
+ done < <(cat $file)
 done
+ for m in "${MOUNTS[@]}"; do
+ prefix=0
+ for mount_point in "${MOUNTS[@]}"; do
+ [[ $m = $mount_point ]] && continue
+ if [[ $m =~ ^$mount_point.* ]] ; then
+ prefix=1
+ break
+ fi
+ done
+ [[ $prefix -eq 1 ]] && continue
+
+ mount -n --bind "$RW_MOUNT$m" "$m"
+ done
+
 # Use any state passed by initramfs
 [ -d /run/initramfs/state ] && cp -a /run/initramfs/state/* $RW_MOUNT |
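Review bot: `add_mount $1` is unquoted in cp_empty, cp_dirs and cp_files, so an rwtab path containing whitespace or glob characters is split or expanded before it is recorded. The string later passed to `mount -n --bind` can then differ from the path that was copied into `$RW_MOUNT`. Use `add_mount "$1"` in all three helpers. The append inside add_mount can also be written `MOUNTS+=("$1")`, which avoids re-expanding the whole array on every call. The enclosing `if [ "$READONLY" ...` block continues outside this hunk.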
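Review bot: The nesting test `[[ $m =~ ^$mount_point.* ]]` has no path-separator boundary, so an entry whose path merely starts with the same characters as another (for example a constructed pair /var/lib and /var/lib64) is treated as nested and never gets its own bind mount. It would presumably stay on the read-only root even though its contents were copied to `$RW_MOUNT`. Because `$mount_point` is unquoted on the right of `=~`, characters such as `.` or `+` in a path are also read as regex operators rather than literally. A literal, boundary-aware comparison such as `[[ $m == "$mount_point"/* ]]` avoids both problems; entries written with a trailing slash in rwtab would need normalising first. Separately, `done < <(cat $file)` can be `done < "$file"`, with a short comment that the redirect rather than a pipe is what keeps the MOUNTS assignments in the current shell.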