#include "path-util.h"
#include "loopback-setup.h"
#include "sd-id128.h"
+#include "dev-setup.h"
typedef enum LinkJournal {
LINK_NO,
{ "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
{ "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND, true }, /* Bind mount first */
{ NULL, "/proc/sys", NULL, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, true }, /* Then, make it r/o */
- { "/sys", "/sys", NULL, NULL, MS_BIND, true }, /* Bind mount first */
- { NULL, "/sys", NULL, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, true }, /* Then, make it r/o */
+ { "sysfs", "/sys", "sysfs", NULL, MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
{ "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true },
{ "/dev/pts", "/dev/pts", NULL, NULL, MS_BIND, true },
{ "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true },
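Review bot: The new `/sys` entry has no explanatory comment, unlike the removed bind-mount pair, and its hardening flags are conditional in a way worth recording. The skip check added later in this patch (`mount_table[k].what && t > 0`) passes over any entry with a non-NULL `what` whose target is already a mount point. So `MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV` is applied only when this code performs the mount itself; a `/sys` that is already mounted below the container root keeps whatever flags it had. I would add a trailing comment such as `/* fresh sysfs instance, r/o; not applied if /sys is already a mount point */`. The table's declaration starts outside this hunk.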
break;
}
- t = path_is_mount_point(where, false);
+ t = path_is_mount_point(where, true);
if (t < 0) {
log_error("Failed to detect whether %s is a mount point: %s", where, strerror(-t));
free(where);
continue;
}
+ /* Skip this entry if it is not a remount. */
+ if (mount_table[k].what && t > 0)
+ continue;
+
mkdir_p_label(where, 0755);
if (mount(mount_table[k].what,
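Review bot: The added skip path appears to leak `where`. The error branch directly above calls `free(where)` before its `continue`, but the new `if (mount_table[k].what && t > 0) continue;` does not. I would write it as `if (mount_table[k].what && t > 0) { free(where); continue; }`. The loop body begins and ends outside this hunk, so this assumes `where` is a per-iteration allocation, as the existing `free(where)` suggests.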
}
/* Turn directory into bind mount */
- if (mount(arg_directory, arg_directory, "bind", MS_BIND, NULL) < 0) {
+ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REC, NULL) < 0) {
log_error("Failed to make bind mount.");
goto child_fail;
}
if (arg_read_only)
- if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL) < 0) {
log_error("Failed to make read-only.");
goto child_fail;
}
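Review bot: Adding `MS_REC` to the `MS_BIND|MS_REMOUNT|MS_RDONLY` call most likely does not make submounts read-only. To my knowledge a read-only bind remount through mount(2) affects only the mount at the given path, and the recursive flag has no effect there. Because the first call now uses `MS_BIND|MS_REC`, submounts of `arg_directory` are carried into the container and would stay writable even when `arg_read_only` is set. Either remount each mount below `arg_directory` read-only individually, or state the limit next to the call, e.g. `/* NOTE: only the top-level mount becomes r/o; submounts keep their own flags */`. The enclosing function starts and ends outside this hunk.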
if (copy_devnodes(arg_directory) < 0)
goto child_fail;
+ dev_setup(arg_directory);
+
if (setup_dev_console(arg_directory, console) < 0)
goto child_fail;
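Review bot: `dev_setup(arg_directory)` is the only step in this sequence whose outcome is not checked. `copy_devnodes()` before it and `setup_dev_console()` after it both `goto child_fail` on error. Its declaration is in dev-setup.h, outside this diff, so I cannot tell whether it reports failure. If it does, handle it like its neighbours with `if (dev_setup(arg_directory) < 0) goto child_fail;`. If it returns nothing, a comment such as `/* best effort: failures here are not fatal for the container */` would make the asymmetry clearly intentional.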