From 219f5b4be428388f2b8cc12a7480c4a6922b59ca Mon Sep 17 00:00:00 2001
From: Jordan Petridis <jordan@centricular.com>
Date: Sat, 19 Aug 2023 07:40:30 +0300
Subject: [PATCH] cmd/initContainer: Be aware of security hardened / or /etc

On new builds of GNOME OS [1], the host's / is mounted with 'nodev,...'
and those flags are also inherited by /etc because it's not a separate
mount point.  This leads to the same problem with /etc/machine-id that
was seen before with /var/lib/flatpak, /var/lib/systemd/coredump and
/var/log/journal [2].

Therefore, use the same approach [2] to handle /etc/machine-id.

[1] https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/718

[2] Commit 1cc9e07b7c36fe9f
    https://github.com/containers/toolbox/commit/1cc9e07b7c36fe9f
    https://github.com/containers/toolbox/pull/1340

https://github.com/containers/toolbox/issues/911
https://github.com/containers/toolbox/pull/1354

Signed-off-by: Jordan Petridis <jordan@centricular.com>
---
 src/cmd/initContainer.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go
index 41b825b33..c3424290b 100644
--- a/src/cmd/initContainer.go
+++ b/src/cmd/initContainer.go
@@ -52,7 +52,7 @@ var (
 		source        string
 		flags         string
 	}{
-		{"/etc/machine-id", "/run/host/etc/machine-id", "ro"},
+		{"/etc/machine-id", "/run/host/etc/machine-id", ""},
 		{"/run/libvirt", "/run/host/run/libvirt", ""},
 		{"/run/systemd/journal", "/run/host/run/systemd/journal", ""},
 		{"/run/systemd/resolve", "/run/host/run/systemd/resolve", ""},