- bool need_inaccessible = false;
- bool remove_tmp = false, remove_var_tmp = false, remove_inaccessible = false;
- int r;
+ int r = 0;
+
+ if (mount_flags == 0)
+ mount_flags = MS_SHARED;
+
+ if (unshare(CLONE_NEWNS) < 0)
+ return -errno;
+
+ n = !!tmp_dir + !!var_tmp_dir +
+ strv_length(read_write_dirs) +
+ strv_length(read_only_dirs) +
+ strv_length(inaccessible_dirs);
+
+ if (n > 0) {
+ m = mounts = (BindMount *) alloca(n * sizeof(BindMount));
+ r = append_mounts(&m, read_write_dirs, READWRITE);
+ if (r < 0)
+ return r;
+
+ r = append_mounts(&m, read_only_dirs, READONLY);
+ if (r < 0)
+ return r;
+
+ r = append_mounts(&m, inaccessible_dirs, INACCESSIBLE);
+ if (r < 0)
+ return r;
+
+ if (tmp_dir) {
+ m->path = "/tmp";
+ m->mode = PRIVATE_TMP;
+ m++;
+ }
+
+ if (var_tmp_dir) {
+ m->path = "/var/tmp";
+ m->mode = PRIVATE_VAR_TMP;
+ m++;
+ }