enter_chroot: Bind mount /lib/modules as read only.

This allows modprobing host modules inside the chroot such as
usbip-host.

BUG=None
TEST=modprobe usbip-host

Change-Id: Ie9948afec10c52ce6b7141d7002758e7f72f7995
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosutils/+/2134643
Tested-by: Allen Webb <allenwebb@google.com>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/sdk_lib/enter_chroot.sh b/sdk_lib/enter_chroot.sh
index 5615140..de0cecf 100755
--- a/sdk_lib/enter_chroot.sh
+++ b/sdk_lib/enter_chroot.sh
@@ -598,6 +598,13 @@
         warn "-- Note: modprobe fuse failed.  gmergefs will not work"
     fi
 
+    # Bind mount the host kernel modules read-only so modprobe can be used
+    # inside the chroot for things like usbip-host.
+    local modules_dir="/lib/modules"
+    if [ -d "${modules_dir}" ]; then
+      setup_mount "${modules_dir}" "--bind -o ro" "${modules_dir}"
+    fi
+
     # Fix permissions on ccache tree.  If this is a fresh chroot, then they
     # might not be set up yet.  Or if the user manually `rm -rf`-ed things,
     # we need to reset it.  Otherwise, gcc itself takes care of fixing things