On Wed, Mar 16, 2011 at 11:57:01AM +0100, richard -rw- weinberger wrote:
> On Wed, Mar 16, 2011 at 11:47 AM, Petr Uzel <petr.uzel@suse.cz> wrote:
> > Try this:
> > mount -o bind /home /mnt
> > mount -o remount,ro,bind /mnt
>
> Can you please explain to me why this works?

Simple 'mount -o bind,ro /olddir /newdir' just does not work, as explained in the mount(8) manpage:

    Note that the filesystem mount options will remain the same as those
    on the original mount point, and cannot be changed by passing the -o
    option along with --bind/--rbind. The mount options can be changed by
    a separate remount command, ...

In the past, this seemed to work, but actually the situation was much worse than it is now. What actually happened with earlier versions of util-linux (mount) was that the kernel did the bind mount, but silently ignored the RO flag, so the bind mount was in fact RW. What's worse, mount did not recognize this and reported the mount as RO. Here's an example on one of the older systems:

    # mount -o bind,ro /proc /proc_bind
    # mount | grep proc_bind
    /proc on /proc_bind type none (ro,bind)

OK, mount shows it as RO ...

    # cat /etc/mtab | grep proc_bind
    /proc /proc_bind none ro,bind 0 0

... Because it reads the info from /etc/mtab, but ...

    # cat /proc/self/mounts | grep proc_bind
    proc /proc_bind proc rw,relatime 0 0

... but it is actually RW!

So util-linux/mount(8) was fixed and now recognizes this situation and reports the RW bind mount (when the user believes it is RO). So you have to use an additional 'mount -o remount,ro' to make it really read only.

More info: http://lwn.net/Articles/281157/

BTW this is one example of possible discrepancies between /etc/mtab and /proc/self/mounts and one of the reasons why we made /etc/mtab a symlink to /proc/self/mounts.

The reason why you have to use the bind flag with the remount command is explained in my previous mail and man mount, I believe.

Does this help?

BR,
Petr

--
Petr Uzel
IRC: ptr_uzl @ freenode
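
A check for the discrepancy described in this thread, added here as an example (not code from the thread or from util-linux): it compares a userspace mount table with the kernel's view and prints every mount point recorded as ro that the kernel actually has mounted rw. The function names `ro_mismatches` and `demo` and the /mnt sample lines are constructed for illustration; the /proc_bind lines are the ones quoted in the mail.

```shell
#!/bin/sh
# ro_mismatches MTAB MOUNTS
# MTAB:   userspace mount table (old-style /etc/mtab format)
# MOUNTS: kernel view (/proc/self/mounts format)
# Prints, sorted, each mount point MTAB lists as "ro" but MOUNTS lists as "rw".
ro_mismatches() {
    awk '
        # Return 1 if the comma-separated option list "opts" contains "want".
        function has_opt(opts, want,    n, i, a) {
            n = split(opts, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == want) return 1
            return 0
        }
        # First file: remember mount points the userspace table claims are ro.
        NR == FNR { if (NF >= 4 && has_opt($4, "ro")) claimed_ro[$2] = 1; next }
        # Second file: kernel view. A later line for the same mount point
        # overrides an earlier one, since the most recent mount is on top.
        NF >= 4 { kernel[$2] = $4 }
        END {
            for (mp in claimed_ro)
                if ((mp in kernel) && has_opt(kernel[mp], "rw")) print mp
        }
    ' "$1" "$2" | sort
}

# Run the check on constructed sample data (not read from a real system).
demo() {
    dir=$(mktemp -d) || return 1
    # /proc_bind: the lines from the session quoted in the mail (ro ignored).
    # /mnt: a made-up bind mount that was remounted ro and really is ro.
    printf '%s\n' '/proc /proc_bind none ro,bind 0 0' \
                  '/home /mnt none ro,bind 0 0' > "$dir/mtab"
    printf '%s\n' 'proc /proc_bind proc rw,relatime 0 0' \
                  '/dev/sda2 /mnt ext4 ro,relatime 0 0' > "$dir/mounts"
    ro_mismatches "$dir/mtab" "$dir/mounts"
    rm -rf "$dir"
}

demo
```

On a system where /etc/mtab is a symlink to /proc/self/mounts, both arguments are the same data and the function prints nothing.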