Historically, recursive read-only remounts of bind-mounts would only turn the top-level mount read-only. This is not a very good default, however, as it tends to surprise people.
Linux 5.12 has given us the means to make the remount apply recursively via a new mount_setattr system call. This system call allows the caller to change properties of any given mount, and the combination of AT_RECURSIVE with MOUNT_ATTR_RDONLY has the previously described effect of going through all entries of the mount table recursively, and making them read-only.
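The call described above, as an added example that is not code from the original page or from any project it describes. The struct name `ro_mount_attr`, the function names, and the fallback constants (used only when the installed headers predate 5.12) are assumptions of this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallback values from the kernel UAPI, used only if the headers lack them. */
#ifndef SYS_mount_setattr
#define SYS_mount_setattr 442
#endif
#ifndef AT_RECURSIVE
#define AT_RECURSIVE 0x8000
#endif
#ifndef MOUNT_ATTR_RDONLY
#define MOUNT_ATTR_RDONLY 0x00000001
#endif

/* Local mirror of the kernel's struct mount_attr (hypothetical name, 32 bytes). */
struct ro_mount_attr { uint64_t attr_set, attr_clr, propagation, userns_fd; };

/* Request exactly one change: set the read-only attribute, clear nothing. */
void ro_attr_init(struct ro_mount_attr *a) {
    memset(a, 0, sizeof(*a));
    a->attr_set = MOUNT_ATTR_RDONLY;
}

/* Make the mount at `path` and every mount below it read-only; 0 or -errno. */
int remount_tree_readonly(const char *path) {
    struct ro_mount_attr attr;
    ro_attr_init(&attr);
    if (syscall(SYS_mount_setattr, AT_FDCWD, path, AT_RECURSIVE, &attr, sizeof(attr)) < 0)
        return -errno;
    return 0;
}

/* -ENOSYS means the kernel predates 5.12: only the legacy behaviour is available. */
int needs_legacy_fallback(int rc) { return rc == -ENOSYS; }

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <mountpoint>\n", argv[0]); return 2; }
    int rc = remount_tree_readonly(argv[1]);
    if (needs_legacy_fallback(rc))
        fprintf(stderr, "mount_setattr unavailable; submounts must be remounted one by one\n");
    else if (rc < 0)
        fprintf(stderr, "mount_setattr(%s): %s\n", argv[1], strerror(-rc));
    return rc == 0 ? 0 : 1;
}
```

Treat any non-zero result as a hard failure in a sandbox setup path: continuing after an error leaves submounts writable.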