diff --git a/yocto-build-env/s6-overlay/s6-rc.d/lock-manager/run b/yocto-build-env/s6-overlay/s6-rc.d/lock-manager/run
index 0916d44..68e7a08 100644
--- a/yocto-build-env/s6-overlay/s6-rc.d/lock-manager/run
+++ b/yocto-build-env/s6-overlay/s6-rc.d/lock-manager/run
@@ -8,29 +8,23 @@ LOCKFILE=/tmp/balena/updates.lock
 
 while true; do
     (
+        # request an exclusive lock in non-blocking mode
+        flock -n 200 || exit 0
+
         # check for active sessions
         while last | grep -q "still logged in"; do
 
-            # create the lockfile
-            touch $LOCKFILE
-
-            # create a file descriptor over the given lockfile
-            exec {fd}<>${LOCKFILE}
-
-            # request an exclusive lock in non-blocking mode
-            flock -n $fd || exit 0
-
             echo "Updates are locked while sessions are active..."
             last | grep "still logged in"
 
             # wait 30 seconds before checking again
             # updates are locked during this time
             sleep 30
-
         done
-    )
+    ) 200>$LOCKFILE
 
-    # remove the lockfile (this should be unecessary?)
+    # remove the lockfile
+    # FIXME: why is this required when the lock is already released?
     rm -f $LOCKFILE
 
     # wait 5 seconds before checking again
diff --git a/yocto-build-env/s6-overlay/scripts/addusers b/yocto-build-env/s6-overlay/scripts/addusers
index fa47f80..4b5bf57 100644
--- a/yocto-build-env/s6-overlay/scripts/addusers
+++ b/yocto-build-env/s6-overlay/scripts/addusers
@@ -48,3 +48,10 @@ for user_id in ${user_ids}; do
     # fetch the user's ssh keys from github
     fetch_ssh_keys "${name}" "$(eval echo ~"${name}")" || true
 done
+
+if [ -n "${SET_HOSTNAME:-}" ]; then
+    # set the desired hostname
+    echo "${SET_HOSTNAME}" > /etc/hostname
+    hostname -F /etc/hostname
+    hostname
+fi