picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

nspawn,namespaces: make sure we recursively bind mount things in 

We want to make sure that everything from the host is also visible in
the sandbox.
This commit is contained in:
Lennart Poettering 2012-08-13 16:25:03 +02:00
parent aed5a52577
commit 1e41be2015
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/namespace.c
View File

@ -156,7 +156,7 @@ static int apply_mount(
assert(what);
r = mount(what, p->path, NULL, MS_BIND, NULL);
r = mount(what, p->path, NULL, MS_BIND|MS_REC, NULL);
if (r >= 0)
log_debug("Successfully mounted %s to %s", what, p->path);
@ -171,7 +171,7 @@ static int make_read_only(Path *p) {
if (p->mode != INACCESSIBLE && p->mode != READONLY)
return 0;
r = mount(NULL, p->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL);
r = mount(NULL, p->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL);
if (r < 0)
return -errno;

4
src/nspawn/nspawn.c
View File

@ -1187,13 +1187,13 @@ int main(int argc, char *argv[]) {
}
/* Turn directory into bind mount */
if (mount(arg_directory, arg_directory, "bind", MS_BIND, NULL) < 0) {
if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REC, NULL) < 0) {
log_error("Failed to make bind mount.");
goto child_fail;
}
if (arg_read_only)
if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL) < 0) {
log_error("Failed to make read-only.");
goto child_fail;
}