grml-live: make MIRROR_DIRECTORY readonly in chroot#529
🐳 Docker image for this PR is available: docker pull ghcr.io/grml/grml-live:pr-529
| local mountpoint | ||
| while IFS= read -r mountpoint; do | ||
| einfo "Unmounting ${mountpoint} ..." | ||
| umount -R "${mountpoint}" ; eend $? |
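Review bot: `umount -R "${mountpoint}"` is run for every listed entry, so if a parent mount (the chroot directory itself, or a bind mount with further mounts beneath it) is reached before its children, the recursive unmount already detaches those children and the later iterations fail with a "not mounted" error that `eend $?` then reports as a failure. Either walk the list deepest-first or skip entries that are already gone, e.g. `mountpoint -q "${mountpoint}" || continue` before the `umount`.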
AFAICS we're now trying to unmount all mount points without taking care of any preference/ordering in mind, no matter whether it's a parent (/chroot/) or children (/chroot/proc/ + /chroot/sys/) directory, but we don't care?
I've reworked this to ignore the parent and umount all mountpoints inside CHROOT_DIRECTORY in reverse order. This might not always work, but it shouldn't be worse than before.
| while IFS= read -r mountpoint; do | ||
| einfo "Unmounting ${mountpoint} ..." | ||
| umount -R "${mountpoint}" ; eend $? | ||
| done < <(findmnt -k -rn -o TARGET | awk -v p="${CHROOT_OUTPUT%/}" '$0==p || index($0,p"/")==1') |
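Review bot: the `findmnt -k -rn -o TARGET` list comes out in mount order and the `$0==p` alternative keeps `${CHROOT_OUTPUT}` itself, so if that directory is ever a mountpoint its `umount -R` runs first and every child entry after it fails; drop `$0==p` (only the mounts inside the directory are wanted, as the commit message says) and reverse the list, e.g. `... | tac`, so children are unmounted before their parents. Note also that `-r` (raw output) hex-escapes unsafe characters, so a target containing a space is printed as `...\x20...` and `umount` would be handed that escaped name; decode the escapes in the loop or keep such names out of `${CHROOT_OUTPUT}`.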
Do I understand this right that we hereby list all currently mounted paths, then only match lines that either match exactly ${CHROOT_OUTPUT} or start with ${CHROOT_OUTPUT} and also de-duplicate e.g. /chroot and /chroot/ into the same directory?
What we need is all direct children of $CHROOT_OUTPUT that are mountpoints.
Unfortunately, findmnt has a lot of options, but doesn't help us with this.
$CHROOT_OUTPUT itself shouldn't be a mountpoint. You're right, though, that if $CHROOT_OUTPUT is a mountpoint, this will break.
The "direct children" thing was a massive think-o on my side.
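An added example, not code from grml-live or from this PR, that implements the selection discussed in this subthread (every mountpoint inside CHROOT_OUTPUT, excluding the directory itself, in reverse mount order) and additionally decodes the hex escapes that findmnt's raw output uses, so a path with a space is handed to umount unescaped; the helper names chroot_mounts and umount_chroot_mounts are my own.

```shell
#!/bin/sh
# Added example, not grml-live code: select the mountpoints below a chroot
# directory from `findmnt -k -rn -o TARGET` output (fed on stdin, in mount
# order) and print them in reverse order, deepest/most recent first, so a
# cleanup loop can unmount each one without a parent's recursive umount
# pulling the rug from under later entries. The chroot directory itself is
# excluded on purpose.
chroot_mounts() {
  awk -v p="${1%/}" '
    # findmnt --raw hex-escapes unsafe bytes (a space becomes "\x20");
    # decode the ASCII escapes so the path matches what umount expects.
    function hexval(h) {
      return (index("0123456789abcdef", tolower(substr(h, 1, 1))) - 1) * 16 + (index("0123456789abcdef", tolower(substr(h, 2, 1))) - 1)
    }
    function unescape(s,    out) {
      out = ""
      while (match(s, /\\x[0-9A-Fa-f][0-9A-Fa-f]/)) {
        out = out substr(s, 1, RSTART - 1) sprintf("%c", hexval(substr(s, RSTART + 2, 2)))
        s = substr(s, RSTART + 4)
      }
      return out s
    }
    # keep only targets strictly below the chroot directory ("p/...")
    index($0, p "/") == 1 { kept[++n] = unescape($0) }
    # emit them in reverse mount order: children before their parents
    END { for (i = n; i >= 1; i--) print kept[i] }
  '
}

# Cleanup loop as it would be used on a live system; assumes the grml-live
# helpers einfo/eend and root privileges, so it is defined but not run here.
umount_chroot_mounts() {
  findmnt -k -rn -o TARGET | chroot_mounts "$1" |
  while IFS= read -r mountpoint; do
    einfo "Unmounting ${mountpoint} ..."
    umount -R "${mountpoint}"; eend $?
  done
}
```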
2f2c406 to cc364c2
Recursively umount mountpoints inside CHROOT_OUTPUT in cleanup. Frees us from tracking which directories got mounted into CHROOT_OUTPUT

Gbp-Dch: full
mika left a comment:
Lovely, thanks! (FTR: didn't test/verify it, but LGTM!)
Drive-by: umount all mountpoints inside CHROOT_OUTPUT during cleanup. Frees us from tracking which directories got mounted into CHROOT_OUTPUT.
mount with rbind needs util-linux >= 2.39, available in bookworm.
Serves as a basis for mounting further directories into the chroot area.