From 45696ec2f7324de1331d79518a5ee8dd80f3bc0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=A1clav=20Pavl=C3=ADn?=
Date: Tue, 3 Sep 2013 17:36:39 +0200
Subject: readonly-root: bind-mount only necessary subset of entries in rwtab
---
 systemd/fedora-readonly | 45 ++++++++++++++++++++++++++++++++-------------
 1 file changed, 32 insertions(+), 13 deletions(-)
(limited to 'systemd')
diff --git a/systemd/fedora-readonly b/systemd/fedora-readonly
index 66634e24..bc2b2bcb 100755
--- a/systemd/fedora-readonly
+++ b/systemd/fedora-readonly
@@ -38,27 +38,32 @@ if strstr "$cmdline" noreadonlyroot ; then
 READONLY=no
 fi
+MOUNTS=()
 if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then
- mount_empty() {
- if [ -e "$1" ]; then
+ add_mount() {
+ MOUNTS=("${MOUNTS[@]}" "$1")
+ }
+
+ cp_empty() {
+ if [ -e "$1" ]; then
 echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
- mount -n --bind "$RW_MOUNT$1" "$1"
+ add_mount $1
 fi
- }
+ }
- mount_dirs() {
+ cp_dirs() {
 if [ -e "$1" ]; then
 mkdir -p "$RW_MOUNT$1"
 find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
- mount -n --bind "$RW_MOUNT$1" "$1"
+ add_mount $1
 fi
 }
- mount_files() {
+ cp_files() {
 if [ -e "$1" ]; then
 cp -a --parents "$1" "$RW_MOUNT"
- mount -n --bind "$RW_MOUNT$1" "$1"
+ add_mount $1
 fi
 }
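Review bot: `add_mount $1` is unquoted in cp_empty, cp_dirs and cp_files, whereas the removed `mount -n --bind "$RW_MOUNT$1" "$1"` lines quoted it, and add_mount stores only its first argument, so a path containing whitespace or glob characters can be recorded in MOUNTS as something other than the path that was just copied into `$RW_MOUNT`. Use `add_mount "$1"` at all three call sites; the callers in the second hunk pass `$path` unquoted as well, so both places need quoting for this to hold end to end. The array update reads more simply as `MOUNTS+=("$1")`. Arrays require bash, and the shebang is outside this hunk, so confirm the script is never run under a plain POSIX sh.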
@@ -83,24 +88,38 @@ if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then
 for file in /etc/rwtab /etc/rwtab.d/* /run/initramfs/rwtab ; do
 is_ignored_file "$file" && continue
- [ -f $file ] && cat $file | while read type path ; do
+ [ -f $file ] && while read type path ; do
 case "$type" in
 empty)
- mount_empty $path
+ cp_empty $path
 ;;
 files)
- mount_files $path
+ cp_files $path
 ;;
 dirs)
- mount_dirs $path
+ cp_dirs $path
 ;;
 *)
 ;;
 esac
 selinux_fixup "$path"
- done
+ done < <(cat $file)
 done
+ for m in "${MOUNTS[@]}"; do
+ prefix=0
+ for mount_point in "${MOUNTS[@]}"; do
+ [[ $m = $mount_point ]] && continue
+ if [[ $m =~ ^$mount_point.* ]] ; then
+ prefix=1
+ break
+ fi
+ done
+ [[ $prefix -eq 1 ]] && continue
+
+ mount -n --bind "$RW_MOUNT$m" "$m"
+ done
+
 # Use any state passed by initramfs
 [ -d /run/initramfs/state ] && cp -a /run/initramfs/state/* $RW_MOUNT
--
cgit v1.2.1
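Review bot: The coverage test `[[ $m =~ ^$mount_point.* ]]` compares raw strings instead of path components and treats the other rwtab entry as a regular expression. With `/var/lib` and `/var/lib2` both listed (constructed example), `/var/lib2` is judged covered and skipped, so it is never bind-mounted and stays read-only with no message. Matching a quoted literal on a directory boundary avoids both problems: `if [[ $m == "$mount_point"/* ]] ; then`. The equality check on the line above has the same unquoted right-hand side, which `[[ ]]` reads as a glob pattern; `[[ $m == "$mount_point" ]]` compares literally. Separately, `done < <(cat $file)` can be `done < "$file"`, which also keeps the loop in the current shell so MOUNTS survives, and `read -r` would keep backslashes in rwtab paths from being interpreted.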