From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 13 Aug 2012 13:23:10 +0000 (+0200)
Subject: nspawn: inherit mounts from real root, don't propagate mounts to real root
X-Git-Tag: v189~92
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=6f67a45d8e61d69bf4f75e1da3edcf9fe7d89982

nspawn: inherit mounts from real root, don't propagate mounts to real root
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index b9fa02dc7..df858a57e 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1178,9 +1178,11 @@ int main(int argc, char *argv[]) {
                         goto child_fail;
                 }
 
-                /* Mark / as private, in case somebody marked it shared */
-                if (mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL) < 0) {
-                        log_error("MS_PRIVATE|MS_REC failed: %m");
+                /* Mark everything as slave, so that we still
+                 * receive mounts from the real root, but don't
+                 * propagate mounts to the real root. */
+                if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+                        log_error("MS_SLAVE|MS_REC failed: %m");
                         goto child_fail;
                 }
 
@@ -1224,8 +1226,8 @@ int main(int argc, char *argv[]) {
                         goto child_fail;
                 }
 
-                if (mount(arg_directory, "/", "bind", MS_MOVE, NULL) < 0) {
-                        log_error("mount(MS_BIND) failed: %m");
+                if (mount(arg_directory, "/", NULL, MS_MOVE, NULL) < 0) {
+                        log_error("mount(MS_MOVE) failed: %m");
                         goto child_fail;
                 }