mirror of
https://github.com/siderolabs/talos.git
synced 2025-12-09 19:41:41 +01:00
07a432cc56
Extract common code from `etcfile` controller and use it to mount files from initramfs into the new root actually as read-only. ``` rootfs /usr/lib/firmware rootfs ro,seclabel,size=1920152k,nr_inodes=480038 0 0 rootfs /etc/extensions.yaml rootfs ro,seclabel,size=1920152k,nr_inodes=480038 0 0 ``` Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
34 lines
1020 B
Go
34 lines
1020 B
Go
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
package mount
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"golang.org/x/sys/unix"
|
|
)
|
|
|
|
// BindReadonly creates a common way to create a readonly bind mounted destination.
|
|
func BindReadonly(src, dst string) error {
|
|
sourceFD, err := unix.OpenTree(unix.AT_FDCWD, src, unix.OPEN_TREE_CLONE|unix.OPEN_TREE_CLOEXEC)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to opentree source %s: %w", src, err)
|
|
}
|
|
|
|
defer unix.Close(sourceFD) //nolint:errcheck
|
|
|
|
if err := unix.MountSetattr(sourceFD, "", unix.AT_EMPTY_PATH, &unix.MountAttr{
|
|
Attr_set: unix.MOUNT_ATTR_RDONLY,
|
|
}); err != nil {
|
|
return fmt.Errorf("failed to set mount attribute: %w", err)
|
|
}
|
|
|
|
if err := unix.MoveMount(sourceFD, "", unix.AT_FDCWD, dst, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil {
|
|
return fmt.Errorf("failed to move mount from %s to %s: %w", src, dst, err)
|
|
}
|
|
|
|
return nil
|
|
}
|