core: setup mount namespace when RootDirectory= and RuntimeDirectory= or friends are set

The directories specified by RuntimeDirectory= or friends are created on host. So, it is necessary to bind-mount them on root directory.
2018-05-25 17:32:55 +09:00 · 2018-05-25 17:32:55 +09:00 · 37c56f89d2
parent 5609f6888b
commit 37c56f89d2
1 changed files with 14 additions and 2 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -1787,8 +1787,20 @@ static bool exec_needs_mount_namespace(
            context->protect_control_groups)
                return true;

-        if (context->mount_apivfs && (context->root_image || context->root_directory))
-                return true;
+        if (context->root_directory) {
+                ExecDirectoryType t;
+
+                if (context->mount_apivfs)
+                        return true;
+
+                for (t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) {
+                        if (!params->prefix[t])
+                                continue;
+
+                        if (!strv_isempty(context->directories[t].paths))
+                                return true;
+                }
+        }

        if (context->dynamic_user &&
            (!strv_isempty(context->directories[EXEC_DIRECTORY_STATE].paths) ||