m/n/c/l/crypt: open blockdevs read-only for discovery

Use the new blockdev capabilities to only open the block devices in
read-only mode for partition discovery. This allows us to disable writes
to mounted partitions in Linux 6.12 and not get a spurious warning for
every boot. It's also generally good practice as we don't want to write
at that stage anyway.

Change-Id: If8dd9b49ae593aac6f0a25d439baa0b7d60d7ffe
Reviewed-on: https://review.monogon.dev/c/monogon/+/3986
Reviewed-by: Jan Schär <jan@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/node/core/localstorage/crypt/blockdev.go b/metropolis/node/core/localstorage/crypt/blockdev.go
index d2c1b15..f89b2bd 100644
--- a/metropolis/node/core/localstorage/crypt/blockdev.go
+++ b/metropolis/node/core/localstorage/crypt/blockdev.go
@@ -90,7 +90,7 @@
 		return nil
 	}
 
-	blkdev, err := blockdev.Open(fmt.Sprintf("/dev/%v", data["DEVNAME"]))
+	blkdev, err := blockdev.Open(fmt.Sprintf("/dev/%v", data["DEVNAME"]), blockdev.WithReadonly)
 	if err != nil {
 		return fmt.Errorf("failed to open block device: %w", err)
 	}
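Review bot: The `blockdev.WithReadonly` argument on the `blockdev.Open` call carries an invariant that the code itself does not record, so a later edit could drop it without anyone noticing the hardening is gone. A comment above the call would pin it, e.g. `// Discovery only reads from the device; open it read-only so the kernel can block writes to mounted block devices without warning on every boot.` The enclosing function starts and ends outside this hunk, so it is not visible whether anything later writes through `blkdev`; any such path would now fail and should reopen the device explicitly. Separately, `data["DEVNAME"]` is formatted straight into the path with `%v`, so if the code above the hunk does not already check that the key is present and non-empty, a guard before the open would be worth adding.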
diff --git a/third_party/linux/linux-metropolis.config b/third_party/linux/linux-metropolis.config
index 4627662..baed548 100644
--- a/third_party/linux/linux-metropolis.config
+++ b/third_party/linux/linux-metropolis.config
@@ -87,7 +87,7 @@
 CONFIG_KVM_AMD=m
 CONFIG_JUMP_LABEL=y
 CONFIG_MODULES=y
-# CONFIG_BLK_DEV_WRITE_MOUNTED is not set
+CONFIG_BLK_DEV_WRITE_MOUNTED=n
 CONFIG_BLK_CGROUP_IOPRIO=y
 CONFIG_PARTITION_ADVANCED=y
 CONFIG_BINFMT_MISC=y
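Review bot: `CONFIG_BLK_DEV_WRITE_MOUNTED=n` departs from the `# CONFIG_… is not set` spelling that kernel tooling emits for a disabled option, and nothing in the file says why. If the old spelling was not taking effect in this build (the hunk does not show this), regenerating the file would silently restore it and re-enable writes to mounted block devices. A comment line above the option would record the intent, e.g. `# Keep as =n: writes to mounted block devices must stay disabled; partition discovery opens devices read-only.` It would also help to have the build check that the resulting kernel config has the option disabled, since this is a hardening setting whose regression would otherwise go unnoticed.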