+ where = strappend(dest, "/etc/resolv.conf");
+ if (!where)
+ return log_oom();
+
+ fd = open(where, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
+
+ /* We don't really care for the results of this really. If it
+ * fails, it fails, but meh... */
+ if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) < 0)
+ log_warning("Failed to bind mount /etc/resolv.conf: %m");
+ else
+ if (mount("/etc/resolv.conf", where, "bind",
+ MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+ log_error("Failed to remount /etc/resolv.conf readonly: %m");
+ return -errno;
+ }
+
+ return 0;
+}
+
+static int setup_boot_id(const char *dest) {
+ _cleanup_free_ char *from = NULL, *to = NULL;
+ sd_id128_t rnd;
+ char as_uuid[37];
+ int r;
+
+ assert(dest);
+
+ /* Generate a new randomized boot ID, so that each boot-up of
+ * the container gets a new one */
+
+ from = strappend(dest, "/dev/proc-sys-kernel-random-boot-id");
+ to = strappend(dest, "/proc/sys/kernel/random/boot_id");
+ if (!from || !to)
+ return log_oom();
+
+ r = sd_id128_randomize(&rnd);
+ if (r < 0) {
+ log_error("Failed to generate random boot id: %s", strerror(-r));
+ return r;