From fc352aaffb75d446daa9254f4685d01ca70e4668 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Thu, 5 Sep 2019 00:54:34 +0000
Subject: [PATCH] daemon: Use MountFlags=slave and opt-in to OSTree read-only /sysroot

This is all we need to tell libostree that we support a read-only `/sysroot` and `/boot`. See https://github.com/ostreedev/ostree/issues/1265 PR in https://github.com/ostreedev/ostree/pull/1767
---
 src/daemon/rpm-ostreed.service.in | 2 ++
 src/daemon/rpmostreed-sysroot.c | 4 ++++
 src/daemon/rpmostreed-transaction.c | 8 ++++++++
 3 files changed, 14 insertions(+)
diff --git a/src/daemon/rpm-ostreed.service.in b/src/daemon/rpm-ostreed.service.in
index 5736630d41..8b23edfd19 100644
--- a/src/daemon/rpm-ostreed.service.in
+++ b/src/daemon/rpm-ostreed.service.in
@@ -6,6 +6,8 @@ ConditionPathExists=/ostree
 [Service]
 Type=dbus
 BusName=org.projectatomic.rpmostree1
+# To use the read-only sysroot bits
+MountFlags=slave
 NotifyAccess=main
 @SYSTEMD_ENVIRON@
 ExecStart=@bindir@/rpm-ostree start-daemon
diff --git a/src/daemon/rpmostreed-sysroot.c b/src/daemon/rpmostreed-sysroot.c
index d290deca53..bc1587e854 100644
--- a/src/daemon/rpmostreed-sysroot.c
+++ b/src/daemon/rpmostreed-sysroot.c
@@ -758,9 +758,13 @@ rpmostreed_sysroot_populate (RpmostreedSysroot *self,
 {
 g_return_val_if_fail (self != NULL, FALSE);
+ /* See also related code in rpmostred-transaction.c */
 const char *sysroot_path = rpmostree_sysroot_get_path (RPMOSTREE_SYSROOT (self));
 g_autoptr(GFile) sysroot_file = g_file_new_for_path (sysroot_path);
 self->ot_sysroot = ostree_sysroot_new (sysroot_file);
+ if (!ostree_sysroot_initialize (self->ot_sysroot, error))
+ return FALSE;
+ ostree_sysroot_set_mount_namespace_in_use (self->ot_sysroot);
 /* This creates and caches an OstreeRepo instance inside
 * OstreeSysroot to ensure subsequent ostree_sysroot_get_repo()
diff --git a/src/daemon/rpmostreed-transaction.c b/src/daemon/rpmostreed-transaction.c
index 8e288d1a4d..4f99bc8f6a 100644
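Review bot: The comment added above `MountFlags=slave` in rpm-ostreed.service.in does not say what the daemon relies on the setting for, which makes the line easy to drop or override in a later cleanup of the unit. With this setting systemd runs the service in its own mount namespace where host mounts propagate in but the service's mount changes do not propagate out, and the C hunks of this patch tell libostree that such a namespace exists. I would spell that out, for example `# Own mount namespace (slave propagation); the daemon declares this to libostree via ostree_sysroot_set_mount_namespace_in_use() so a read-only /sysroot is supported.`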
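Review bot: The cross-reference comment added in rpmostreed_sysroot_populate names `rpmostred-transaction.c`, but the file changed by this patch is `rpmostreed-transaction.c`; it should read `/* See also related code in rpmostreed-transaction.c */`. Beyond the typo, `ostree_sysroot_set_mount_namespace_in_use (self->ot_sysroot)` is called unconditionally, while the private namespace it declares is provided only by `MountFlags=slave` in the unit file, and nothing visible in the hunk checks that the process was started that way. If the daemon can be launched outside the unit (a debug run, a test harness), that declaration would presumably be false, so the dependency deserves a sentence in this comment; the same holds for the matching call in transaction_initable_init. The function body continues past the end of the hunk.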
--- a/src/daemon/rpmostreed-transaction.c
+++ b/src/daemon/rpmostreed-transaction.c
@@ -573,6 +573,14 @@ transaction_initable_init (GInitable *initable,
 * everything from disk. */
 priv->sysroot = ostree_sysroot_new (tmp_path);
+ /* See also related code in rpmostreed-sysroot.c */
+ if (!ostree_sysroot_initialize (priv->sysroot, error))
+ return FALSE;
+ /* We use MountFlags=slave in the unit file, which combined
+ * with this ensures we support read-only /sysroot mounts.
+ * https://github.com/ostreedev/ostree/issues/1265
+ **/
+ ostree_sysroot_set_mount_namespace_in_use (priv->sysroot);
 g_signal_connect (priv->sysroot, "journal-msg", G_CALLBACK (on_sysroot_journal_msg), self);
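Review bot: The initialize-then-declare pair added to transaction_initable_init repeats the one in rpmostreed_sysroot_populate, and the two copies are tied together only by "See also" comments, so a later `ostree_sysroot_new()` call site can easily end up with one call and not the other. A single helper used by both files would keep the rationale comment in one place; a sketch follows, where the helper name is a placeholder and a declaration in a header both files include is assumed. The added comment also closes with `**/` where the context line above it uses `*/`. The function starts and ends outside the hunk.

```c
/* The unit file sets MountFlags=slave; declaring that to libostree is
 * what lets the daemon support a read-only /sysroot.
 * https://github.com/ostreedev/ostree/issues/1265
 */
gboolean
rpmostreed_sysroot_init_for_daemon (OstreeSysroot *sysroot, GError **error)
{
  if (!ostree_sysroot_initialize (sysroot, error))
    return FALSE;
  ostree_sysroot_set_mount_namespace_in_use (sysroot);
  return TRUE;
}

  /* … unchanged: priv->sysroot = ostree_sysroot_new (tmp_path); … */
  if (!rpmostreed_sysroot_init_for_daemon (priv->sysroot, error))
    return FALSE;
  /* … unchanged: g_signal_connect for "journal-msg" … */
```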