chiark / gitweb /
nspawn: inherit mounts from real root, don't propagate mounts to real root
authorLennart Poettering <lennart@poettering.net>
Mon, 13 Aug 2012 13:23:10 +0000 (15:23 +0200)
committerLennart Poettering <lennart@poettering.net>
Mon, 13 Aug 2012 13:23:10 +0000 (15:23 +0200)
src/nspawn/nspawn.c

index b9fa02d..df858a5 100644 (file)
@@ -1178,9 +1178,11 @@ int main(int argc, char *argv[]) {
                         goto child_fail;
                 }
 
-                /* Mark / as private, in case somebody marked it shared */
-                if (mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL) < 0) {
-                        log_error("MS_PRIVATE|MS_REC failed: %m");
+                /* Mark everything as slave, so that we still
+                 * receive mounts from the real root, but don't
+                 * propagate mounts to the real root. */
+                if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+                        log_error("MS_SLAVE|MS_REC failed: %m");
                         goto child_fail;
                 }
 
@@ -1224,8 +1226,8 @@ int main(int argc, char *argv[]) {
                         goto child_fail;
                 }
 
-                if (mount(arg_directory, "/", "bind", MS_MOVE, NULL) < 0) {
-                        log_error("mount(MS_BIND) failed: %m");
+                if (mount(arg_directory, "/", NULL, MS_MOVE, NULL) < 0) {
+                        log_error("mount(MS_MOVE) failed: %m");
                         goto child_fail;
                 }