udev: set default rules permissions only at "add" events

[elogind.git] / src / core / machine-id-setup.c

diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
index c6fd77ac8dc14b42e37363dfe3d93333b1910a56..7f4c23b13004c2beffb546e097c1fd5e1462fa24 100644 (file)
--- a/src/core/machine-id-setup.c
+++ b/src/core/machine-id-setup.c
@@ -226,13 +226,17 @@ int machine_id_setup(void) {
         }
 
         /* And now, let's mount it over */
-        r = mount("/run/machine-id", "/etc/machine-id", "bind", MS_BIND|MS_RDONLY, NULL) < 0 ? -errno : 0;
+        r = mount("/run/machine-id", "/etc/machine-id", NULL, MS_BIND, NULL) < 0 ? -errno : 0;
         if (r < 0) {
                 unlink("/run/machine-id");
                 log_error("Failed to mount /etc/machine-id: %s", strerror(-r));
-        } else
+        } else {
                 log_info("Installed transient /etc/machine-id file.");
 
+                /* Mark the mount read-only */
+                mount(NULL, "/etc/machine-id", NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL);
+        }
+
 finish:
 
         if (fd >= 0)