Can't bind-mount read-only if there are outstanding writable FDs. #3549
I noticed this when trying to make flatpak/bubblewrap work with WSL. Flatpak sets up a new filesystem namespace with a tmpfs as root, and then tries to bind-mount readonly a regular directory on top of /usr.
This happens as first a MS_BIND $src /usr, and then MS_BIND|MS_REMOUNT|MS_READONLY /usr. Under WSL, this operation will fail with EBUSY whenever any process has an outstanding writable file-descriptor anywhere on the same filesystem that has the $src directory (i.e. typically any file on the root lxfs).
This is a problem in general, as there is no way in general to guarantee that nothing is writing to the filesystem at any point, but it is especially tricky for flatpak as it writes and unlinks temporary files that are then passed into the bubblewrap sandbox.
I've worked around this for now in the wip/WSL branch by just disabling the read-only option: projectatomic/bubblewrap@9dc3498
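
The two-step sequence from the report, as an added example that is not code from the issue author, flatpak or bubblewrap: it holds a writable FD on an unlinked temp file under the source directory, then performs the bind and the read-only remount and reports which step failed. The helper name `ro_bind_mount`, the temp file name and the choice to detach the bind when the remount fails are assumptions of this example; the code uses `MS_RDONLY`, the mount(2) constant for the read-only flag.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <unistd.h>

/* Hypothetical helper (not bubblewrap's code): bind SRC on DST, then remount
 * the bind read-only. Returns 0, or -errno with *failed_step = 1 or 2. */
int ro_bind_mount(const char *src, const char *dst, int *failed_step)
{
    *failed_step = 0;
    if (mount(src, dst, NULL, MS_BIND, NULL) != 0) {          /* step 1 */
        *failed_step = 1;
        return -errno;
    }
    if (mount("none", dst, NULL,                               /* step 2 */
              MS_BIND | MS_REMOUNT | MS_RDONLY, NULL) != 0) {
        int err = errno;             /* EBUSY in the case reported above */
        umount2(dst, MNT_DETACH);    /* assumption: fail closed, leave no writable bind */
        *failed_step = 2;
        return -err;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char tmp[4096];
    int fd, step, rc;

    if (argc != 3) {
        fprintf(stderr, "usage: %s SRC_DIR DST_DIR\n", argv[0]);
        return 2;
    }
    /* Constructed condition: a written-then-unlinked temp file whose
     * writable FD stays open on SRC's filesystem during the remount. */
    snprintf(tmp, sizeof tmp, "%s/.rwfd-%ld", argv[1], (long)getpid());
    fd = open(tmp, O_CREAT | O_EXCL | O_RDWR, 0600);
    if (fd >= 0)
        unlink(tmp);

    rc = ro_bind_mount(argv[1], argv[2], &step);
    if (rc == 0)
        printf("read-only bind mount succeeded with writable FD %d open\n", fd);
    else
        printf("step %d failed: %s\n", step, strerror(-rc));
    if (fd >= 0)
        close(fd);
    return rc == 0 ? 0 : 1;
}
```

Both mount calls need CAP_SYS_ADMIN, so run the program as root inside a private mount namespace, where a successful bind disappears when the namespace exits.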