From: Lennart Poettering
Date: Mon, 13 Aug 2012 14:25:03 +0000 (+0200)
Subject: nspawn,namespaces: make sure we recursively bind mount things in
X-Git-Tag: v189~87
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=1e41be20158a6d982c34cea20e66ff271302abc5
nspawn,namespaces: make sure we recursively bind mount things in
We want to make sure that everything from the host is also visible in the sandbox.
---
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 5c2a24653..ba18ddc5b 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -156,7 +156,7 @@ static int apply_mount(
 assert(what);
- r = mount(what, p->path, NULL, MS_BIND, NULL);
+ r = mount(what, p->path, NULL, MS_BIND|MS_REC, NULL);
 if (r >= 0) log_debug("Successfully mounted %s to %s", what, p->path);
@@ -171,7 +171,7 @@ static int make_read_only(Path *p) {
 if (p->mode != INACCESSIBLE && p->mode != READONLY) return 0;
- r = mount(NULL, p->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL);
+ r = mount(NULL, p->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL);
 if (r < 0) return -errno;
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 78b5602e5..7d188f071 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1187,13 +1187,13 @@ int main(int argc, char *argv[]) {
 } /* Turn directory into bind mount */
- if (mount(arg_directory, arg_directory, "bind", MS_BIND, NULL) < 0) {
+ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REC, NULL) < 0) {
 log_error("Failed to make bind mount."); goto child_fail; } if (arg_read_only)
- if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL) < 0) {
 log_error("Failed to make read-only."); goto child_fail; }
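Review bot: The `MS_REC` added to the `MS_BIND|MS_REMOUNT|MS_RDONLY` call in make_read_only() does not make the remount recursive: as mount(2) documents it, MS_REC is honoured when a bind mount is created and with the propagation flags, not on a bind remount, so only the mount at `p->path` itself becomes read-only. Combined with the recursive bind now done in apply_mount(), any submounts carried into the sandbox below a READONLY path would stay writable, and the same applies to the `arg_read_only` remount in the nspawn.c hunk. I would drop the flag from both remount calls and say why, e.g. `/* MS_REC has no effect on a remount: submounts of p->path keep their own flags */`, and handle the submounts in a follow-up that remounts each entry below the path in /proc/self/mountinfo individually. Both functions continue outside their hunks, so later handling of submounts cannot be ruled out from what is visible here.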