summaryrefslogtreecommitdiffstats
path: root/libmount/src/hook_loopdev.c
diff options
context:
space:
mode:
Diffstat (limited to 'libmount/src/hook_loopdev.c')
-rw-r--r--libmount/src/hook_loopdev.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/libmount/src/hook_loopdev.c b/libmount/src/hook_loopdev.c
index 8c8f7f2..597b933 100644
--- a/libmount/src/hook_loopdev.c
+++ b/libmount/src/hook_loopdev.c
@@ -140,10 +140,6 @@ static int setup_loopdev(struct libmnt_context *cxt,
DBG(LOOP, ul_debugobj(cxt, "trying to setup device for %s", backing_file));
- ol = mnt_context_get_optlist(cxt);
- if (!ol)
- return -ENOMEM;
-
if (mnt_optlist_is_rdonly(ol)) {
DBG(LOOP, ul_debugobj(cxt, "enabling READ-ONLY flag"));
lo_flags |= LO_FLAGS_READ_ONLY;
@@ -356,15 +352,19 @@ success:
*/
mnt_optlist_append_flags(ol, MS_RDONLY, cxt->map_linux);
- /* we have to keep the device open until mount(1),
- * otherwise it will be auto-cleared by kernel
+ /*
+ * We have to keep the device open until mount(1), otherwise it
+ * will be auto-cleared by kernel. However we don't want to
+ * keep writeable fd as kernel wants to block all writers to
+ * the device being mounted (in the more hardened
+ * configurations). So grab read-only fd instead.
*/
- hd->loopdev_fd = loopcxt_get_fd(&lc);
+ hd->loopdev_fd = open(lc.device, O_RDONLY | O_CLOEXEC);
if (hd->loopdev_fd < 0) {
- DBG(LOOP, ul_debugobj(cxt, "failed to get loopdev FD"));
+ DBG(LOOP,
+ ul_debugobj(cxt, "failed to reopen loopdev FD"));
rc = -errno;
- } else
- loopcxt_set_fd(&lc, -1, 0);
+ }
}
done:
loopcxt_deinit(&lc);
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-06 20:10:56 +0000