From d07d0942c60b7145f11254899b9509d9b327c7ab Mon Sep 17 00:00:00 2001
From: Luis Hector Chavez <lhchavez@google.com>
Date: Wed, 11 Jul 2018 08:13:34 -0700
Subject: [PATCH] init.rc: Remount / with MS_REMOUNT|MS_BIND|MS_NODEV

/ should not have any character/block devices, so might as well pass in
the nodev flag.

Bug: 73255020
Test: aosp_sailfish still boots
Test: sailfish:/ # find / -xdev -a \( -type b -o -type c -o -type p -o -type s \)
      sailfish:/ #
Test: rootfs on / type rootfs (rw,seclabel)
      /dev/root on / type ext4 (ro,seclabel,nodevrelatime)

Change-Id: Ia73e04b53a47506892d9d3cb61b471b81bb72dc3
---
 rootdir/init.rc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index c1ae93283..d3f038ea5 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -318,8 +318,8 @@ on post-fs
     start vndservicemanager
 
     # Once everything is setup, no need to modify /.
-    # The bind+ro combination avoids modifying any other mount flags.
-    mount rootfs rootfs / remount bind ro
+    # The bind+remount combination allows this to work in containers.
+    mount rootfs rootfs / remount bind ro nodev
     # Mount shared so changes propagate into child namespaces
     mount rootfs rootfs / shared rec
     # Mount default storage into root namespace