From cc9b889e8f285719645b5a86f2583d7f1b2aef01 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer
Date: Tue, 11 Feb 2020 12:57:29 -0500
Subject: [PATCH] linux-boot: Ensure volatile root is mounted read-only.
* gnu/build/linux-boot.scm (mount-root-file-system): Ensure MS_RDONLY is present among the root file system flags when VOLATILE-ROOT? is #t.
---
 gnu/build/linux-boot.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/build/linux-boot.scm b/gnu/build/linux-boot.scm
index 3d40a7d05d..4fb711b8f2 100644
--- a/gnu/build/linux-boot.scm
+++ b/gnu/build/linux-boot.scm
@@ -362,12 +362,12 @@ (define* (mount-root-file-system root type
 "Mount the root file system of type TYPE at device ROOT. If VOLATILE-ROOT? is true, mount ROOT read-only and make it an overlay with a writable tmpfs using the kernel built-in overlayfs. FLAGS and OPTIONS indicates the options to use
-to mount ROOT."
+to mount ROOT, and behave the same as for the `mount' procedure."
 (if volatile-root? (begin (mkdir-p "/real-root")
- (mount root "/real-root" type MS_RDONLY options)
+ (mount root "/real-root" type (logior MS_RDONLY flags) options)
 (mkdir-p "/rw-root") (mount "none" "/rw-root" "tmpfs")