namespace: beef up read-only bind mount logic

Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.
author: Lennart Poettering <lennart@poettering.net> 2014-06-06 11:42:25 +0200
committer: Lennart Poettering <lennart@poettering.net> 2014-06-06 14:37:40 +0200
commit: d6797c920e9eb70f46a893c00fdd9ecb86d15f84 (patch)
tree: 7029ba9333ceb289752c85f154f4fa1350fa941d /man/systemd.exec.xml
parent: c8835999c33c0443bf91e1a8fa6dd716a8ff0b0f (diff)
1 files changed, 6 insertions, 8 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c5bb55c556..c419424d9d 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -777,8 +777,8 @@
                                 <term><varname>ReadOnlyDirectories=</varname></term>
                                 <term><varname>InaccessibleDirectories=</varname></term>
 
-                                <listitem><para>Sets up a new
-                                file system namespace for executed
+                                <listitem><para>Sets up a new file
+                                system namespace for executed
                                 processes. These options may be used
                                 to limit access a process might have
                                 to the main file system
@@ -799,16 +799,14 @@
                                 processes inside the namespace. Note
                                 that restricting access with these
                                 options does not extend to submounts
-                                of a directory. You must list
-                                submounts separately in these settings
-                                to ensure the same limited
-                                access. These options may be specified
+                                of a directory that are created later
+                                on. These options may be specified
                                 more than once in which case all
                                 directories listed will have limited
                                 access from within the namespace. If
                                 the empty string is assigned to this
-                                option, the specific list is reset, and
-                                all prior assignments have no
+                                option, the specific list is reset,
+                                and all prior assignments have no
                                 effect.</para>
                                 <para>Paths in
                                 <varname>ReadOnlyDirectories=</varname>
author	Lennart Poettering <lennart@poettering.net>	2014-06-06 11:42:25 +0200
committer	Lennart Poettering <lennart@poettering.net>	2014-06-06 14:37:40 +0200
commit	d6797c920e9eb70f46a893c00fdd9ecb86d15f84 (patch)
tree	7029ba9333ceb289752c85f154f4fa1350fa941d /man/systemd.exec.xml
parent	c8835999c33c0443bf91e1a8fa6dd716a8ff0b0f (diff)