From cfc09de06ecc12bb42181004689e881c75072665 Mon Sep 17 00:00:00 2001 From: Patrick Ohly Date: Mon, 27 Nov 2017 16:56:42 +0100 Subject: rootfs-postcommands.bbclass: ensure that rootfs gets mounted ro When read-only-rootfs is active, we need to ensure that the rootfs does not get mounted read/write by the kernel or initramfs. Adding "ro" to the boot parameters achieves that. Signed-off-by: Patrick Ohly Signed-off-by: Ross Burton --- meta/classes/rootfs-postcommands.bbclass | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass index 5391e7a8e3..a4e627fef8 100644 --- a/meta/classes/rootfs-postcommands.bbclass +++ b/meta/classes/rootfs-postcommands.bbclass @@ -14,6 +14,14 @@ ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; " # Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}' +# We also need to do the same for the kernel boot parameters, +# otherwise kernel or initramfs end up mounting the rootfs read/write +# (the default) if supported by the underlying storage. +# +# We do this with _append because the default value might get set later with ?= +# and we don't want to disable such a default that by setting a value here. +APPEND_append = '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", " ro", "", d)}' + # Generates test data file with data store variables expanded in json format ROOTFS_POSTPROCESS_COMMAND += "write_image_test_data ; " -- cgit 1.2.3-korg