
Bind mount /run read-only

Jelle van der Waa requested to merge github/fork/tomty89/ro_bind_run into master

Created by: tomty89

Prevent e.g. systemd-tmpfiles from tampering with /run (of the host):

    fchownat() of /run/systemd/netif failed: Read-only file system
    fchownat() of /run/systemd/netif/links failed: Read-only file system
    fchownat() of /run/systemd/netif/leases failed: Read-only file system
    fchownat() of /run/systemd/netif/lldp failed: Read-only file system

In this particular case, it could cause an unexpected (and unnecessary) change of ownership of these directories (because of automatic uid/gid allocation), which could prevent systemd-networkd from working.

Besides, the chroot should under no circumstances (actually) need any (read-)write access to /run. If there's such a need, we should not bind mount it.

Ref.: https://bugs.archlinux.org/task/61808
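As an added example (not code from arch-install-scripts or from this merge request), the shell below performs the read-only bind mount in two steps and then verifies it by checking the per-mount options in /proc/self/mountinfo, which is where the "ro" of a read-only bind mount shows up (the superblock options after the "-" stay "rw"). The chroot path is an assumed argument; the mounting only runs when one is given, so the check function can also be exercised on constructed mountinfo lines.

```shell
#!/bin/sh
# Added example: bind-mount the host's /run into a chroot read-only and
# verify that the resulting mount really carries the "ro" flag.

# Bind /run into "$1/run" and make the bind read-only.
# Two steps on purpose: a plain bind first, then a remount adding MS_RDONLY.
# Older mount(8) versions silently ignore "ro" given together with "bind".
ro_bind_run() {
    chroot=$1
    mkdir -p "$chroot/run" &&
    mount --bind /run "$chroot/run" &&
    mount -o remount,bind,ro "$chroot/run"
}

# mountpoint_is_ro MOUNTINFO_TEXT MOUNTPOINT
# Returns 0 if the line for MOUNTPOINT has "ro" among its per-mount options,
# 1 otherwise.  proc(5) layout: id parent maj:min root mountpoint options ...
# Field 6 (per-mount options) is what a read-only bind sets; the superblock
# options after the " - " separator are deliberately not consulted.
mountpoint_is_ro() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $5 == mp {
            n = split($6, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Usage: sh ro_bind_run.sh /path/to/chroot   (needs CAP_SYS_ADMIN)
if [ $# -gt 0 ]; then
    ro_bind_run "$1" || { echo "bind mount of /run failed" >&2; exit 1; }
    if mountpoint_is_ro "$(cat /proc/self/mountinfo)" "$1/run"; then
        echo "ok: $1/run is a read-only bind mount"
    else
        echo "error: $1/run is NOT read-only" >&2
        exit 1
    fi
fi
```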
