buildroot: mount /sys as read-only

This will prevent any modification of anything in `/sys`. It will
also prevent `udevadm trigger` from running, which needs /sys writeable.
This is a desired effect, since uevents are not delivered to the
contained environment, so `udevadm trigger` might hang.
Christian Kellner 2021-06-24 16:01:18 +00:00 committed by Tom Gundersen
parent 5dc72038ef
commit 704d5d305a

@ -177,7 +177,7 @@ class BuildRoot(contextlib.AbstractContextManager):
# Setup API file-systems.
mounts += ["--proc", "/proc"]
mounts += ["--bind", "/sys", "/sys"]
mounts += ["--ro-bind", "/sys", "/sys"]
mounts += ["--ro-bind-try", "/sys/fs/selinux", "/sys/fs/selinux"]
# There was a bug in mke2fs (fixed in versionv 1.45.7) where mkfs.ext4
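Review bot: the reason `/sys` is now read-only is not recorded next to the `--ro-bind` `/sys` line; the only comment there is "# Setup API file-systems.", so a later reader could change it back to `--bind` without knowing that `udevadm trigger` may then hang because uevents are not delivered into the contained environment. Suggest a short comment directly above that line stating this. It is also worth confirming that nothing run inside the build root depends on writing under `/sys`, since any such write will now fail.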