machine-id: properly mount transient machine ID read-only

author: Lennart Poettering <lennart@poettering.net> 2012-08-13 16:24:30 +0200
committer: Lennart Poettering <lennart@poettering.net> 2012-08-13 16:24:30 +0200
commit: aed5a525777be452c8a451793cf9c16990ac5515 (patch)
tree: b0b2388324393359cb8b4c319d9e1e570f97cfb0 /src/core/machine-id-setup.c
parent: b4c59701f8d439f84141d4858dc1aa339f4ec529 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
index c6fd77ac8..7f4c23b13 100644
--- a/src/core/machine-id-setup.c
+++ b/src/core/machine-id-setup.c
@@ -226,13 +226,17 @@ int machine_id_setup(void) {
         }
 
         /* And now, let's mount it over */
-        r = mount("/run/machine-id", "/etc/machine-id", "bind", MS_BIND|MS_RDONLY, NULL) < 0 ? -errno : 0;
+        r = mount("/run/machine-id", "/etc/machine-id", NULL, MS_BIND, NULL) < 0 ? -errno : 0;
         if (r < 0) {
                 unlink("/run/machine-id");
                 log_error("Failed to mount /etc/machine-id: %s", strerror(-r));
-        } else
+        } else {
                 log_info("Installed transient /etc/machine-id file.");
 
+                /* Mark the mount read-only */
+                mount(NULL, "/etc/machine-id", NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL);
+        }
+
 finish:
 
         if (fd >= 0)
author	Lennart Poettering <lennart@poettering.net>	2012-08-13 16:24:30 +0200
committer	Lennart Poettering <lennart@poettering.net>	2012-08-13 16:24:30 +0200
commit	aed5a525777be452c8a451793cf9c16990ac5515 (patch)
tree	b0b2388324393359cb8b4c319d9e1e570f97cfb0 /src/core/machine-id-setup.c
parent	b4c59701f8d439f84141d4858dc1aa339f4ec529 (diff)