Can't bind-mount read-only if there are outstanding writable FDs. #3549

Open
alexlarsson opened this Issue Sep 17, 2018 · 0 comments

alexlarsson commented Sep 17, 2018

I noticed this when trying to make flatpak/bubblewrap work with WSL. Flatpak sets up a new filesystem namespace with a tmpfs as root, and then tries to bind-mount readonly a regular directory on top of /usr.

This happens as first an MS_BIND $src /usr, and then MS_BIND|MS_REMOUNT|MS_READONLY /usr. Under WSL, this operation will fail with EBUSY whenever any process has an outstanding writable file-descriptor anywhere on the same filesystem that has the $src directory (i.e. typically any file on the root lxfs).

This is a problem in general, as there is no way in general to guarantee that nothing is writing to the filesystem at any point, but it is especially tricky for flatpak as it writes and unlinks temporary files that are then passed into the bubblewrap sandbox.

I've worked around this for now in the wip/WSL branch by just disabling the read-only option: projectatomic/bubblewrap@9dc3498
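The two-step sequence described in the issue, written out as an added example (not bubblewrap's or flatpak's code) that reports EBUSY on the remount as its own outcome and undoes the bind mount rather than leaving a writable mount in place. The function and enum names are hypothetical; `MS_RDONLY` is the `<sys/mount.h>` constant for the read-only flag, and the calls need mount privileges in the current namespace.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/mount.h>

/* Outcome names are hypothetical, chosen for this example. */
enum ro_bind_result {
    RO_BIND_OK = 0,   /* dst is now a read-only bind mount of src */
    RO_BIND_BUSY,     /* remount returned EBUSY; bind mount was undone */
    RO_BIND_ERROR     /* any other failure; errno holds the cause */
};

/* Flags for step 2: remount the existing bind mount with the read-only bit. */
unsigned long ro_remount_flags(void)
{
    return MS_BIND | MS_REMOUNT | MS_RDONLY;
}

enum ro_bind_result bind_mount_readonly(const char *src, const char *dst)
{
    int saved;

    /* Step 1: plain bind mount; dst is still writable at this point. */
    if (mount(src, dst, NULL, MS_BIND, NULL) != 0)
        return RO_BIND_ERROR;

    /* Step 2: flip the new bind mount to read-only. */
    if (mount("none", dst, NULL, ro_remount_flags(), NULL) == 0)
        return RO_BIND_OK;

    /* This example's choice: fail closed, so a writable mount is never
       left where a read-only one was requested. */
    saved = errno;
    umount2(dst, MNT_DETACH);
    errno = saved;
    return saved == EBUSY ? RO_BIND_BUSY : RO_BIND_ERROR;
}

int main(int argc, char **argv)
{
    if (argc != 3)
        return 2;
    enum ro_bind_result r = bind_mount_readonly(argv[1], argv[2]);
    if (r == RO_BIND_BUSY)
        fprintf(stderr, "remount read-only: EBUSY, bind mount undone\n");
    else if (r == RO_BIND_ERROR)
        perror("bind_mount_readonly");
    return r == RO_BIND_OK ? 0 : 1;
}
```

A caller that chooses to continue with a writable mount after `RO_BIND_BUSY` should log that the read-only guarantee was dropped.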
