Enforce read-only mode for all BindFS mounts to minimize risk of /etc/guest-session/skel corruption.

author: Laércio de Sousa <laerciosousa@sme-mogidascruzes.sp.gov.br> 2015-10-13 07:27:05 -0300
committer: Laércio de Sousa <laerciosousa@sme-mogidascruzes.sp.gov.br> 2015-10-13 07:27:05 -0300
commit: de030096e5ea9a55de5d48ce5f072cc1ce98dc2f (patch)
tree: ab4ff219db5c0d37ea65955a9b015800c6b45f0e /debian/guest-account.sh
parent: c43d66f0d33d0db5ded4278d09c1edbbe4e40be1 (diff)
download: lightdm-de030096e5ea9a55de5d48ce5f072cc1ce98dc2f.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/debian/guest-account.sh b/debian/guest-account.sh
index 6a077baa..c09d886b 100644
--- a/debian/guest-account.sh
+++ b/debian/guest-account.sh
@@ -69,7 +69,7 @@ add_account ()
 
       # Wrap ${gs_skel} in a BindFS mount, so that
       # guest account will see itself as the owner of ${gs_skel}'s contents.
-      bindfs -M $USER $gs_skel ${PRE_HOME}/lower || {
+      bindfs -r -M $USER $gs_skel ${PRE_HOME}/lower || {
         rm -rf "$PRE_HOME"
         rm -rf "$HOME"
         exit 1
author	Laércio de Sousa <laerciosousa@sme-mogidascruzes.sp.gov.br>	2015-10-13 07:27:05 -0300
committer	Laércio de Sousa <laerciosousa@sme-mogidascruzes.sp.gov.br>	2015-10-13 07:27:05 -0300
commit	de030096e5ea9a55de5d48ce5f072cc1ce98dc2f (patch)
tree	ab4ff219db5c0d37ea65955a9b015800c6b45f0e /debian/guest-account.sh
parent	c43d66f0d33d0db5ded4278d09c1edbbe4e40be1 (diff)
download	lightdm-de030096e5ea9a55de5d48ce5f072cc1ce98dc2f.tar.gz