autotua.chroot.WorkChroot():

 - Bind-mount read-only by default
 - Everything except ${DISTDIR} is bind,ro

1 files changed, 7 insertions, 3 deletions

diff --git a/slave/autotua/chroot/__init__.py b/slave/autotua/chroot/__init__.py
index fefc290..d30c29b 100644
--- a/slave/autotua/chroot/__init__.py
+++ b/slave/autotua/chroot/__init__.py
@@ -97,14 +97,18 @@ class WorkChroot(object):
         for mount in regex.findall(mounts):
             subprocess.check_call('umount "%s"' % mount.replace(r'\040', ' '), shell=True)
 
-    def _bind(self, src, dest):
+    def _bind(self, src, dest, ro=True):
         """
         Bind mount src onto dest inside self.chrootdir
+        Mount read-only by default
         """
         if not dest.startswith('/'):
             dest = '/'+dest
         dest = self.chrootdir+dest
-        subprocess.check_call('mount -o bind "%s" "%s"' % (src, dest), shell=True)
+        options = 'bind'
+        if ro:
+            options += ',ro'
+        subprocess.check_call('mount -o %s "%s" "%s"' % (options, src, dest), shell=True)
 
     def _setup_mounts(self):
         for dir in ['/dev', '/sys', '/proc']:
@@ -116,7 +120,7 @@ class WorkChroot(object):
         if const.DISTFILES_DIR:
             if not osp.isdir(const.DISTFILES_DIR):
                 print "\"%s\" is not a directory, cannot mount" % const.DISTFILES_DIR
-            self._bind(const.DISTFILES_DIR, '/usr/portage/distfiles')
+            self._bind(const.DISTFILES_DIR, '/usr/portage/distfiles', ro=False)
         self._bind(const.AUTOTUA_DIR+'/bin', '/tmp/autotua/bin')
         self._bind(self.jobdir+'/jobtage', '/tmp/autotua/jobtage')