-/*-*- Mode: C; c-basic-offset: 8 -*-*/
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
case PRIVATE:
what = private_dir;
break;
+
+ default:
+ assert_not_reached("Unknown mode");
}
if ((r = mount(what, where, NULL, MS_BIND|MS_REC, NULL)) >= 0) {
/* The bind mount will always inherit the original
* flags. If we want to set any flag we need
- * to do so in a second indepdant step. */
+ * to do so in a second independent step. */
if (flags)
r = mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|MS_REC|flags, NULL);
- /* Avoid expontial growth of trees */
+ /* Avoid exponential growth of trees */
if (r >= 0 && path_equal(p->path, "/"))
r = mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|MS_UNBINDABLE|flags, NULL);
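Review bot: The remount for "/" on the last line of this hunk passes `MS_UNBINDABLE` together with `MS_REMOUNT|MS_BIND`, and that combination may not mark the mount unbindable at all. mount(2) describes a propagation-type change as its own operation that accepts only `MS_REC` and `MS_SILENT` alongside the type flag, so with `MS_REMOUNT` set the kernel likely handles the call as a plain bind remount and ignores the type. If that holds on the supported kernels, the guard against exponential tree growth is not in effect; a separate call after the flag remount, `r = mount(NULL, where, NULL, MS_UNBINDABLE, NULL);`, would make it explicit. The commit only corrects the comment above this line, and the enclosing function starts and ends outside the hunk.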
goto fail;
}
- /* We assume that by default mount events from us won't be
- * propagated to the root namespace. */
+ /* Remount / as SLAVE so that nothing mounted in the namespace
+ shows up in the parent */
+ if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+ r = -errno;
+ goto fail;
+ }
for (p = paths; p < paths + n; p++)
if ((r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags)) < 0)
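Review bot: The new comment on the `MS_SLAVE|MS_REC` remount states only half of what slave propagation does: mounts made in this namespace stop reaching the parent, but mount events from the parent still propagate in. The read-only, inaccessible and private paths set up by the `apply_mount()` loop below appear to rely on this isolation, so the comment should record that choosing slave over `MS_PRIVATE` is deliberate, e.g. `/* MS_SLAVE, not MS_PRIVATE: we still receive mounts from the parent, but ours never propagate back */`. The call presumably has to follow the namespace unshare whose failure path ends just above; that code and the body of the `for` loop are outside the hunk.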