Archive for the category "Linux"

Create Readonly Bind Mounts on Linux

Sunday, 27 February 2011

Today I’m writing in English so more people can read my post.

Recently I found myself in a situation where I wanted to build my own packages on Linux (actually Ubuntu 10.04 LTS). I’ve done this before, but this time I wanted to do it in a chroot (a better test environment that doesn’t mess up my normal system). I don’t want to write too much about chrooting on Linux, because it’s off topic. If you want to know more, RTFM, drop me a message or go to https://help.ubuntu.com/community/DebootstrapChroot (it’s written for Ubuntu, but you may use schroot on other distros as well).

This post covers bind mounting a directory read-only. I use it for chrooted environments, but you may use it for other scenarios as well.
Inspired by http://www.alunduil.com/2010/09/19/bind-mount-and-uses-to-avoid/ I want to write my own post.

I needed some directories from my root installation inside my chrooted installation, so how do I get them in there?

  • Softlink? Forget it, it’s chrooted, so the link target is resolved inside the chroot.
  • Hardlink? On a directory?
  • Bind mount: bingo!

Ok, let’s mount home (with schroot your “fstab” would be /etc/schroot/mount-defaults, so schroot mounts these directories only when you are in the chroot environment):
/home /home none rw,bind 0 0

Ok, chrooting with schroot -c lucid64 -u root

What if I do a rm -rf /home in my chroot? It’s chrooted, so I’m safe, am I?
Here comes a big, fat NO: you have bind mounted it, so you have direct access to the real /home of your root installation!

So just bind mount it read-only:
/home /home none ro,bind 0 0

Changing into the chroot gives us a warning: /home seems to be mounted read-write. The ro is silently ignored here: a plain bind mount always inherits the flags of the original mount.

So is there no way to bind mount a directory read-only?

Well, there is. A normal read-only bind mount works with 2 commands (bind first, then remount the bind read-only):
mount -o bind /source /destination
mount -o remount,ro /destination

But how can I accomplish this in my fstab (or for schroot: /etc/schroot/mount-defaults)?

The solution: install bindfs (on my Ubuntu: sudo aptitude install bindfs).
bindfs is an “alias” for mount -o bind and does much more; I don’t want to go deeper. It’s only a userland mount with FUSE, but I don’t mind that. With it you can do:
bindfs -o ro /source /destination

or in your fstab (note: the bindfs# prefix is important here!):
bindfs#/home /home fuse ro 0 0

After that your bind mount will be read-only!
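As an added example (not code from the original post), here is the two-command approach from above wrapped in a shell function, using the remount,bind,ro form that mount(8) documents for changing only the bind mount’s own flags, plus the check you would do by hand to confirm what the “seems to be mounted read-write” warning reports: whether a mount point carries the per-mount ro flag in /proc/self/mountinfo. The chroot paths and the mountinfo sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): the two-step read-only bind
# mount, plus a check that a mount point really carries the per-mount "ro"
# flag. The paths and the sample mountinfo below are constructed.

# ro_bind_mount SRC DST: bind SRC on DST, then remount that bind read-only.
# Needs root. "bind" is kept in the remount so only this mount point (the
# VFS entry) becomes read-only; the original filesystem stays writable.
ro_bind_mount() {
    mount -o bind "$1" "$2" || return 1
    mount -o remount,bind,ro "$2" || { umount "$2"; return 1; }
}

# mount_is_ro MOUNTPOINT [MOUNTINFO]: returns 0 if MOUNTPOINT is mounted
# read-only, 1 if read-write, 2 if nothing is mounted there. Field 5 of
# /proc/self/mountinfo is the mount point, field 6 the per-mount options;
# the superblock options after " - " are ignored on purpose, because a
# read-only bind of a read-write filesystem differs only in field 6.
mount_is_ro() {
    awk -v mp="$1" '
        $5 == mp {
            found = 1; ro = 0         # last match wins: the topmost mount
            n = split($6, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
        }
        END { if (!found) exit 2; exit (ro ? 0 : 1) }
    ' "${2:-/proc/self/mountinfo}"
}

# Constructed mountinfo: /home bind-mounted rw into the chroot (the hazard
# from the post) and /usr bind-mounted ro while its superblock stays rw.
SAMPLE_FILE=$(mktemp)
cat > "$SAMPLE_FILE" <<'EOF'
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
47 21 8:2 / /home rw,relatime - ext4 /dev/sda2 rw
61 21 8:2 / /srv/chroot/lucid64/home rw,relatime - ext4 /dev/sda2 rw
62 21 8:1 /usr /srv/chroot/lucid64/usr ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro
EOF

for mp in /srv/chroot/lucid64/home /srv/chroot/lucid64/usr /srv/chroot/lucid64/tmp; do
    mount_is_ro "$mp" "$SAMPLE_FILE" && rc=0 || rc=$?
    case $rc in
        0) echo "$mp: read-only" ;;
        1) echo "$mp: WARNING, mounted read-write" ;;
        *) echo "$mp: not mounted" ;;
    esac
done
```

Run mount_is_ro without the second argument on a real system to check the live mount table; since util-linux 2.27, mount also accepts mount -o bind,ro in a single step, so the two-command function is only needed on older systems such as the Ubuntu release discussed here.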