From 560371647a95b8de225e5b99f44c94e025e16097 Mon Sep 17 00:00:00 2001
From: gryrmln
Date: Mon, 12 Apr 2021 15:08:42 +0100
Subject: [PATCH] Mount the host sys,dev,dev/pts as read-only for bootstrap (zlibs/helpers)

Signed-off-by: gryrmln
---
 zlibs/helpers | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/zlibs/helpers b/zlibs/helpers
index eddc16c..b654ec6 100644
--- a/zlibs/helpers
+++ b/zlibs/helpers
@@ -133,10 +133,13 @@ devprocsys()
 ckreq || return 1
 
 if [[ $watdo = mount ]]; then
- sudo mount -o bind /sys $werdo/sys && act "mounted sys" && \
- sudo mount -t proc proc $werdo/proc && act "mounted proc" && \
- sudo mount -o bind /dev $werdo/dev && act "mounted dev" && \
- sudo mount -o bind /dev/pts $werdo/dev/pts && act "mounted devpts" && \
+ sudo mount -t proc proc,ro $werdo/proc && act "mounted proc" && \
+ sudo mount -o bind /sys $werdo/sys && \
+ sudo mount -o remount,bind,ro /sys $werdo/sys && act "mounted sys" && \
+ sudo mount -o bind /dev $werdo/dev && \
+ sudo mount -o remount,bind,ro /dev $werdo/dev && act "mounted dev" && \
+ sudo mount -o bind /dev/pts $werdo/dev/pts && \
+ sudo mount -o remount,bind,ro /dev/pts $werdo/dev/pts && act "mounted devpts" && \
 return 0
 elif [[ $watdo = umount ]]; then
 sudo umount $werdo/dev/pts && act "umounted devpts"
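Review bot: The new proc line, `sudo mount -t proc proc,ro $werdo/proc`, puts `ro` into the source-name argument rather than the options, so as far as mount(8) syntax goes proc would still be mounted read-write under the source name "proc,ro"; if a read-only proc is intended it should read `sudo mount -t proc -o ro proc $werdo/proc`, and if not the `,ro` should be dropped (the subject line names only sys, dev and dev/pts). The read-only bind of /dev restricts changes to the directory itself, while writes through the device nodes to host devices are not affected by `ro`; that limit deserves a comment above these lines such as `# ro bind stops node creation/removal only; device nodes stay writable`. If a remount in the `&&` chain fails, the preceding bind mount stays in place read-write and no cleanup is visible here, though devprocsys continues outside this hunk.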