core: add ability to define arbitrary bind mounts for services

This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
author: Lennart Poettering <lennart@poettering.net> 2016-11-23 22:21:40 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-12-14 00:54:10 +0100
commit: d2d6c096f6373a76f3b303a7a116e7cfe7139c4d (patch)
tree: 090a728bbf4f98d5758806f6c21f958a8d9e982c /src/core/execute.h
parent: 8fceda937f3a177d9e27b403fb5e1b34138b05f5 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/core/execute.h b/src/core/execute.h
index 951c8f4da3..84ab4339cf 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -161,6 +161,8 @@ struct ExecContext {
 
         char **read_write_paths, **read_only_paths, **inaccessible_paths;
         unsigned long mount_flags;
+        BindMount *bind_mounts;
+        unsigned n_bind_mounts;
 
         uint64_t capability_bounding_set;
         uint64_t capability_ambient_set;
author	Lennart Poettering <lennart@poettering.net>	2016-11-23 22:21:40 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-12-14 00:54:10 +0100
commit	d2d6c096f6373a76f3b303a7a116e7cfe7139c4d (patch)
tree	090a728bbf4f98d5758806f6c21f958a8d9e982c /src/core/execute.h
parent	8fceda937f3a177d9e27b403fb5e1b34138b05f5 (diff)