From 6f67a45d8e61d69bf4f75e1da3edcf9fe7d89982 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 13 Aug 2012 15:23:10 +0200
Subject: [PATCH] nspawn: inherit mounts from real root, don't propagate mounts
 to real root

---
 src/nspawn/nspawn.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index b9fa02dc7..df858a57e 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1178,9 +1178,11 @@ int main(int argc, char *argv[]) {
                         goto child_fail;
                 }
 
-                /* Mark / as private, in case somebody marked it shared */
-                if (mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL) < 0) {
-                        log_error("MS_PRIVATE|MS_REC failed: %m");
+                /* Mark everything as slave, so that we still
+                 * receive mounts from the real root, but don't
+                 * propagate mounts to the real root. */
+                if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+                        log_error("MS_SLAVE|MS_REC failed: %m");
                         goto child_fail;
                 }
 
@@ -1224,8 +1226,8 @@ int main(int argc, char *argv[]) {
                         goto child_fail;
                 }
 
-                if (mount(arg_directory, "/", "bind", MS_MOVE, NULL) < 0) {
-                        log_error("mount(MS_BIND) failed: %m");
+                if (mount(arg_directory, "/", NULL, MS_MOVE, NULL) < 0) {
+                        log_error("mount(MS_MOVE) failed: %m");
                         goto child_fail;
                 }
 
-- 
2.30.2