In xen use the helper image in ro mode

Make sure everything works even when the root filesystem in the helper
VM is mounted read-only.

snf-image-helper/common.sh

@@ -33,6 +33,7 @@ REGLOOKUP=reglookup
 CHNTPW=chntpw
 DATE="date -u" # Time in UTC
 EATMYDATA=eatmydata
+MOUNT="mount -n"
 
 CLEANUP=( )
 ERRORS=( )
@@ -76,7 +77,7 @@ prepare_helper() {
         add_cleanup close_fd ${MONITOR_FD}
         ;;
     xen-hvm|xen-pvm)
-		mount -t xenfs xenfs /proc/xen
+		$MOUNT -t xenfs xenfs /proc/xen
 		iptables -P OUTPUT DROP
 		ip6tables -P OUTPUT DROP
 		ip link set eth0 up

snf-image-helper/snf-image-helper.in

@@ -20,15 +20,18 @@
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
 
 if [ $$ -eq 1 ]; then
-    mount / -o remount
+    #mount / -o remount
+    mount -t tmpfs -o size=20m tmpfs /tmp
     /etc/init.d/udev start
-    hwclock -u -s
+    #hwclock -u -s
 
     (exec $0) &
     wait
     exit 0 # Hopefully this is never called...
 fi
 
+export PATH
+
 . @commondir@/common.sh
 
 set -e
@@ -55,7 +58,7 @@ fi
 floppy=$(mktemp -d --tmpdir floppy.XXXXXX)
 add_cleanup rmdir "$floppy"
 
-mount $FLOPPY_DEV $floppy
+$MOUNT $FLOPPY_DEV $floppy
 add_cleanup umount "$floppy"
 
 if [ -f "$floppy/rules" ]; then

snf-image-helper/tasks/30MountImage.in

@@ -45,7 +45,7 @@ if [ ! -b "$rootdev" ]; then
         "(=$SNF_IMAGE_PROPERTY_ROOT_PARTITION) is valid."
 fi
 
-mount "$rootdev" "$SNF_IMAGE_TARGET" -o rw
+$MOUNT "$rootdev" "$SNF_IMAGE_TARGET" -o rw
 
 if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" != "linux" ]; then
     exit 0
@@ -73,7 +73,7 @@ while read line; do
 
     # I'm in doupt. Sould I mount the filesystems with the mount options
     # found in the image's /etc/fstab or not?
-    mount "${entry[1]}" "${SNF_IMAGE_TARGET}${entry[0]}" # -o "${entry[2]}"
+    $MOUNT "${entry[1]}" "${SNF_IMAGE_TARGET}${entry[0]}" # -o "${entry[2]}"
 
 done <<< "$fstab"
 

snf-image-host/snf-image-update-helper.in

@@ -159,6 +159,10 @@ cat > "$target/etc/fstab" <<EOF
 UUID=$root_uuid         /               ext3    defaults        0       1
 proc              /proc           proc    defaults        0       0
 EOF
+
+# We need this since we mount the helper VM ro
+ln -sf /proc/mounts "$target/etc/mtab"
+
 echo "done"
 
 echo -n "Extracting kernel..."

snf-image-host/xen-common.sh

@@ -14,11 +14,12 @@ launch_helper() {
 	echo "$($DATE +%Y:%m:%d-%H:%M:%S.%N) VM START" >&2
 
     xm create /dev/null \
-      kernel="$HELPER_DIR/kernel-xen" ramdisk="$HELPER_DIR/initrd-xen"  root="/dev/xvda1" \
-      extra="console=hvc0 hypervisor=$HYPERVISOR snf_image_activate_helper quiet ro boot=local init=/usr/bin/snf-image-helper" \
-      disk="file:$HELPER_DIR/image,xvda,w" disk="phy:$blockdev,xvdb,w" \
+      kernel="$HELPER_DIR/kernel-xen" ramdisk="$HELPER_DIR/initrd-xen" \
+	  root="/dev/xvda1" memory="256" boot="c" vcpus=1 name="$name" \
+      extra="console=hvc0 hypervisor=$HYPERVISOR snf_image_activate_helper \
+      rules_dev=/dev/xvdc quiet ro boot=local init=/usr/bin/snf-image-helper" \
+      disk="file:$HELPER_DIR/image,xvda,r" disk="phy:$blockdev,xvdb,w" \
       disk="file:$floppy,xvdc,r" vif="mac=aa:00:00:00:00:11,bridge=$XEN_BRIDGE" \
-      memory="256" boot="c" vcpus=1 name="$name"
 
     if ! xenstore-exists snf-image-helper; then
         xenstore-write snf-image-helper ""