From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 13 Aug 2012 14:24:30 +0000 (+0200)
Subject: machine-id: properly mount transient machine ID read-only
X-Git-Tag: v189~88
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=aed5a525777be452c8a451793cf9c16990ac5515;hp=b4c59701f8d439f84141d4858dc1aa339f4ec529

machine-id: properly mount transient machine ID read-only
---

diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
index c6fd77ac8..7f4c23b13 100644
--- a/src/core/machine-id-setup.c
+++ b/src/core/machine-id-setup.c
@@ -226,13 +226,17 @@ int machine_id_setup(void) {
         }
 
         /* And now, let's mount it over */
-        r = mount("/run/machine-id", "/etc/machine-id", "bind", MS_BIND|MS_RDONLY, NULL) < 0 ? -errno : 0;
+        r = mount("/run/machine-id", "/etc/machine-id", NULL, MS_BIND, NULL) < 0 ? -errno : 0;
         if (r < 0) {
                 unlink("/run/machine-id");
                 log_error("Failed to mount /etc/machine-id: %s", strerror(-r));
-        } else
+        } else {
                 log_info("Installed transient /etc/machine-id file.");
 
+                /* Mark the mount read-only */
+                mount(NULL, "/etc/machine-id", NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL);
+        }
+
 finish:
 
         if (fd >= 0)