From 7ee6571640b6f755bb4124fb6a58334bf8dcb7d3 Mon Sep 17 00:00:00 2001 From: Lars Karlitski Date: Thu, 13 Jun 2019 21:12:51 +0200 Subject: [PATCH] osbuild.py: use readonly bind mounts when possible --- osbuild.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/osbuild.py b/osbuild.py index 0b6bf2ad..656bd002 100644 --- a/osbuild.py +++ b/osbuild.py @@ -78,13 +78,11 @@ class BuildRoot: "input_dir": None } - binds = [ + robinds = [ (f"{libdir}/run-stage", "/tmp/run-stage"), (f"{libdir}/stages/{stage}", "/tmp/stage"), ("/etc/pki", "/etc/pki") ] - - robinds = [] if input_dir: options["input_dir"] = "/tmp/input" robinds.append((input_dir, "/tmp/input")) @@ -95,7 +93,7 @@ class BuildRoot: argv.append("/tmp/stage") try: - self.run(argv, binds=binds, readonly_binds=robinds, input=json.dumps(options), encoding="utf-8", check=True) + self.run(argv, readonly_binds=robinds, input=json.dumps(options), encoding="utf-8", check=True) except subprocess.CalledProcessError as error: raise StageFailed(stage, error.returncode) @@ -109,12 +107,13 @@ class BuildRoot: "input_dir": None } - binds = [ + robinds = [ (f"{libdir}/run-stage", "/tmp/run-stage"), (f"{libdir}/stages/{name}", "/tmp/stage"), ("/etc/pki", "/etc/pki") ] + binds = [] if output_dir: options["output_dir"] = "/tmp/output" binds.append((output_dir, "/tmp/output")) @@ -125,7 +124,7 @@ class BuildRoot: argv.append("/tmp/stage") try: - self.run(argv, binds=binds, input=json.dumps(options), encoding="utf-8", check=True) + self.run(argv, binds=binds, readonly_binds=robinds, input=json.dumps(options), encoding="utf-8", check=True) except subprocess.CalledProcessError as error: raise StageFailed(stage, error.returncode)