X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fmachine-id-setup.c;h=146c5653c96af4b91ac12ed5b268684429136c3a;hb=e62d8c394474;hp=c6fd77ac8dc14b42e37363dfe3d93333b1910a56;hpb=8e47b1d2ebefc4ca02c681eba87bb290c5af02d2;p=elogind.git

diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
index c6fd77ac8..146c5653c 100644
--- a/src/core/machine-id-setup.c
+++ b/src/core/machine-id-setup.c
@@ -35,6 +35,7 @@
 #include "mkdir.h"
 #include "log.h"
 #include "virt.h"
+#include "fileio.h"
 
 static int shorten_uuid(char destination[36], const char *source) {
         unsigned i, j;
@@ -226,13 +227,19 @@ int machine_id_setup(void) {
         }
 
         /* And now, let's mount it over */
-        r = mount("/run/machine-id", "/etc/machine-id", "bind", MS_BIND|MS_RDONLY, NULL) < 0 ? -errno : 0;
+        r = mount("/run/machine-id", "/etc/machine-id", NULL, MS_BIND, NULL) < 0 ? -errno : 0;
         if (r < 0) {
                 unlink("/run/machine-id");
                 log_error("Failed to mount /etc/machine-id: %s", strerror(-r));
-        } else
+        } else {
                 log_info("Installed transient /etc/machine-id file.");
 
+                /* Mark the mount read-only */
+                if (mount(NULL, "/etc/machine-id", NULL,
+                          MS_BIND|MS_RDONLY|MS_REMOUNT, NULL) < 0)
+                        log_warning("Failed to make transient /etc/machine-id read-only");
+        }
+
 finish:
 
         if (fd >= 0)