From c091a57ece33a8fd36161c319f2fa78546467b7f Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Fri, 1 Mar 2024 18:49:24 +0100
Subject: fix read-only bind_mount

As we learn from util-linux, MS_RDONLY is ignored on MS_BIND. Rather
than remount, just use the new mount API as it doesn't suffer this
limitation.
---
 linuxnamespaces/__init__.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/linuxnamespaces/__init__.py b/linuxnamespaces/__init__.py
index ce6d44f..625f6c6 100644
--- a/linuxnamespaces/__init__.py
+++ b/linuxnamespaces/__init__.py
@@ -246,6 +246,10 @@ def bind_mount(
     source = AtLocation(source)
     target = AtLocation(target)
     try:
+        if readonly:
+            # We would have to remount to apply the readonly flag, see
+            # https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=9ac77b8a78452eab0612523d27fee52159f5016a
+            raise ValueError()
         srcloc = os.fspath(source)
         tgtloc = os.fspath(target)
     except ValueError:
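Review bot: The bare `raise ValueError()` at the top of the `try` exists only to jump into the `except ValueError:` handler, but the comment above it explains why a remount would be needed, not that the raise is a deliberate redirect. A reader can easily mistake it for argument validation, so I would reword the comment along the lines of `# Force the open_tree()/mount_setattr() path below: mount(2) ignores MS_RDONLY when combined with MS_BIND.` The handler body lies outside this hunk, but it appears that read-only binds now depend on `mount_setattr` being available, which as far as I know means Linux 5.12 or later. Failing there is the right behaviour, since the alternative is a mount that is silently writable, and the `bind_mount` docstring (not visible here) should state that requirement.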
@@ -255,14 +259,12 @@ def bind_mount(
         with open_tree(source, otflags) as srcfd:
             if readonly:
                 mount_setattr(srcfd, recursive, MountAttrFlags.RDONLY)
-            return move_mount(srcfd, target)
+            move_mount(srcfd, target)
     else:
         mflags = MountFlags.BIND
         if recursive:
             mflags |= MountFlags.REC
-        if readonly:
-            mflags |= MountFlags.RDONLY
-        return mount(srcloc, tgtloc, None, mflags)
+        mount(srcloc, tgtloc, None, mflags)
 
 
 _P = typing.ParamSpec("_P")
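Review bot: After this change the `else` branch silently assumes `readonly` is false, and the only thing enforcing that is the `raise ValueError()` added in the first hunk. If that guard is later moved or the `try` block is restructured, a caller asking for a read-only bind would get a writable mount with no error. I would record the invariant next to `mflags = MountFlags.BIND`, for example `# readonly never reaches this branch; it is routed to the open_tree path because MS_RDONLY is ignored together with MS_BIND`. The `if`/`else` this branch belongs to starts outside the hunk, so the exact condition is not visible here.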
-- 
cgit v1.2.3