Make /etc writable when building a runtime

We make /etc just a symlink to /usr/etc when we're building a runtime
and /etc is supposed to be writable. Otherwise the bind-mount we
normally have there don't allow use to replace existing files in /etc.

app/flatpak-builtins-build.c

@@ -85,6 +85,7 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
   g_autoptr(FlatpakContext) app_context = NULL;
   gboolean custom_usr;
   g_auto(GStrv) runtime_ref_parts = NULL;
+  FlatpakRunFlags run_flags;
 
   context = g_option_context_new (_("DIRECTORY [COMMAND [args...]] - Build in directory"));
   g_option_context_set_translation_domain (context, GETTEXT_PACKAGE);
@@ -180,9 +181,12 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
               "--lock-file", "/usr/.ref",
               NULL);
 
+  run_flags = FLATPAK_RUN_FLAG_DEVEL | FLATPAK_RUN_FLAG_NO_SESSION_HELPER;
+  if (custom_usr)
+    run_flags |= FLATPAK_RUN_FLAG_WRITABLE_ETC;
+
   if (!flatpak_run_setup_base_argv (argv_array, NULL, runtime_files, NULL, runtime_ref_parts[2],
-                                    FLATPAK_RUN_FLAG_DEVEL | FLATPAK_RUN_FLAG_NO_SESSION_HELPER,
-                                    error))
+                                    run_flags, error))
     return FALSE;
 
   /* After setup_base to avoid conflicts with /var symlinks */

common/flatpak-run.c

@@ -3869,6 +3869,15 @@ flatpak_run_setup_base_argv (GPtrArray      *argv_array,
             "--ro-bind", "/sys/class", "/sys/class",
             "--ro-bind", "/sys/dev", "/sys/dev",
             "--ro-bind", "/sys/devices", "/sys/devices",
+            NULL);
+
+  if (flags & FLATPAK_RUN_FLAG_WRITABLE_ETC)
+    add_args (argv_array,
+              "--dir", "/usr/etc",
+              "--symlink", "usr/etc", "/etc",
+              NULL);
+
+  add_args (argv_array,
             "--bind-data", passwd_fd_str, "/etc/passwd",
             "--bind-data", group_fd_str, "/etc/group",
             NULL);
@@ -3879,7 +3888,8 @@ flatpak_run_setup_base_argv (GPtrArray      *argv_array,
     add_args (argv_array, "--bind", "/var/lib/dbus/machine-id", "/etc/machine-id", NULL);
 
   etc = g_file_get_child (runtime_files, "etc");
-  if (g_file_query_exists (etc, NULL))
+  if ((flags & FLATPAK_RUN_FLAG_WRITABLE_ETC) == 0 &&
+      g_file_query_exists (etc, NULL))
     {
       g_auto(GLnxDirFdIterator) dfd_iter = { 0, };
       struct dirent *dent;
@@ -3964,7 +3974,8 @@ flatpak_run_setup_base_argv (GPtrArray      *argv_array,
     return FALSE;
 #endif
 
-  add_monitor_path_args ((flags & FLATPAK_RUN_FLAG_NO_SESSION_HELPER) == 0, argv_array);
+  if ((flags & FLATPAK_RUN_FLAG_WRITABLE_ETC) == 0)
+    add_monitor_path_args ((flags & FLATPAK_RUN_FLAG_NO_SESSION_HELPER) == 0, argv_array);
 
   return TRUE;
 }

common/flatpak-run.h

@@ -103,6 +103,7 @@ typedef enum {
   FLATPAK_RUN_FLAG_LOG_SYSTEM_BUS     = (1 << 3),
   FLATPAK_RUN_FLAG_NO_SESSION_HELPER  = (1 << 4),
   FLATPAK_RUN_FLAG_MULTIARCH          = (1 << 5),
+  FLATPAK_RUN_FLAG_WRITABLE_ETC       = (1 << 6),
 } FlatpakRunFlags;
 
 gboolean flatpak_run_setup_base_argv (GPtrArray      *argv_array,