machine-id: properly mount transient machine ID read-only

author Lennart Poettering <lennart@poettering.net>

Mon, 13 Aug 2012 14:24:30 +0000 (16:24 +0200)

committer Lennart Poettering <lennart@poettering.net>

Mon, 13 Aug 2012 14:24:30 +0000 (16:24 +0200)
author Lennart Poettering <lennart@poettering.net>
Mon, 13 Aug 2012 14:24:30 +0000 (16:24 +0200)
committer Lennart Poettering <lennart@poettering.net>
Mon, 13 Aug 2012 14:24:30 +0000 (16:24 +0200)
diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c

index c6fd77a..7f4c23b 100644 (file)
--- a/src/core/machine-id-setup.c
+++ b/src/core/machine-id-setup.c
@@ -226,13 +226,17 @@ int machine_id_setup(void) {
          }
  
          /* And now, let's mount it over */
-        r = mount("/run/machine-id", "/etc/machine-id", "bind", MS_BIND|MS_RDONLY, NULL) < 0 ? -errno : 0;
+        r = mount("/run/machine-id", "/etc/machine-id", NULL, MS_BIND, NULL) < 0 ? -errno : 0;
          if (r < 0) {
                  unlink("/run/machine-id");
                  log_error("Failed to mount /etc/machine-id: %s", strerror(-r));
-        } else
+        } else {
                  log_info("Installed transient /etc/machine-id file.");
  
+                /* Mark the mount read-only */
+                mount(NULL, "/etc/machine-id", NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL);
+        }
+
  finish:
  
          if (fd >= 0)
author	Lennart Poettering <lennart@poettering.net>
	Mon, 13 Aug 2012 14:24:30 +0000 (16:24 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Mon, 13 Aug 2012 14:24:30 +0000 (16:24 +0200)