From c0534580aca48c65a5f240b093f8d0cc33eb98b9 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 23 Jan 2015 01:43:16 +0100 Subject: [PATCH] nspawn: when mounting the cgroup hierarchies, use the exact same mount options for the superblock as the host Otherwise we'll generate kernel runtime warnings about non-matching mount options. --- src/nspawn/nspawn.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 4e465dfe4..2beb810e5 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -972,9 +972,17 @@ static int mount_cgroup_hierarchy(const char *dest, const char *controller, cons mkdir_p(to, 0755); - if (mount("cgroup", to, "cgroup", MS_NOSUID|MS_NOEXEC|MS_NODEV|(read_only ? MS_RDONLY : 0), controller) < 0) + /* The superblock mount options of the mount point need to be + * identical to the hosts', and hence writable... */ + if (mount("cgroup", to, "cgroup", MS_NOSUID|MS_NOEXEC|MS_NODEV, controller) < 0) return log_error_errno(errno, "Failed to mount to %s: %m", to); + /* ... hence let's only make the bind mount read-only, not the + * superblock. */ + if (read_only) { + if (mount(NULL, to, NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, NULL) < 0) + return log_error_errno(errno, "Failed to remount %s read-only: %m", to); + } return 1; } @@ -1044,7 +1052,7 @@ static int mount_cgroup(const char *dest) { } } - r = mount_cgroup_hierarchy(dest, "name=systemd", "systemd", false); + r = mount_cgroup_hierarchy(dest, "name=systemd,xattr", "systemd", false); if (r < 0) return r; -- 2.30.2