Ludovic Courtès skribis: > The read-only remount comes from ‘mount-file-system’ in (gnu build > file-systems): > > ;; For read-only bind mounts, an extra remount is needed, as per > ;; , which still applies to Linux > ;; 4.0. > (when (and (= MS_BIND (logand flags MS_BIND)) > (= MS_RDONLY (logand flags MS_RDONLY))) > (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY))) > (mount source mount-point type flags #f))) > > This recipe has been working well “forever”, although it’s probably > unnecessary with recent kernels (the LWN article is from 2008). Apparently the extra remount is still necessary, and the ‘mount’ command does it for you if you combine ‘--bind’ with ‘-o ro’: --8<---------------cut here---------------start------------->8--- # strace -e mount mount --bind -o ro t m mount("/tmp/t", "/tmp/m", 0xde1930, MS_RDONLY|MS_BIND, NULL) = 0 mount("none", "/tmp/m", NULL, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = 0 +++ exited with 0 +++ # mount --version mount from util-linux 2.35.1 (libmount 2.35.1: btrfs, namespaces, assert, debug) # uname -sr Linux 5.10.10-gnu --8<---------------cut here---------------end--------------->8--- Ludo’.