unit: turn off mount propagation for udevd

Keep mounts done by udev rules private to udevd. Also, document how MountFlags= may be used for this.
author: Lennart Poettering <lennart@poettering.net> 2014-03-20 04:16:39 +0100
committer: Lennart Poettering <lennart@poettering.net> 2014-03-20 04:16:39 +0100
commit: c2c13f2df42e0691aecabe3979ea81cd7faa35c7 (patch)
tree: 8a0930ab83eac1e5c10ccb0c8d41d615e21a4c51 /src/core/namespace.c
parent: b5640d824565ac4e305714598d4828de21ceaea1 (diff)
1 files changed, 23 insertions, 17 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 4cbb0a1565..9f15211cb6 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -387,24 +387,28 @@ int setup_namespace(
                 drop_duplicates(mounts, &n);
         }
 
-        /* Remount / as SLAVE so that nothing now mounted in the namespace
-           shows up in the parent */
-        if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
-                return -errno;
+        if (n > 0) {
+                /* Remount / as SLAVE so that nothing now mounted in the namespace
+                   shows up in the parent */
+                if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
+                        return -errno;
 
-        for (m = mounts; m < mounts + n; ++m) {
-                r = apply_mount(m, tmp_dir, var_tmp_dir);
-                if (r < 0)
-                        goto fail;
-        }
+                for (m = mounts; m < mounts + n; ++m) {
+                        r = apply_mount(m, tmp_dir, var_tmp_dir);
+                        if (r < 0)
+                                goto fail;
+                }
 
-        for (m = mounts; m < mounts + n; ++m) {
-                r = make_read_only(m);
-                if (r < 0)
-                        goto fail;
+                for (m = mounts; m < mounts + n; ++m) {
+                        r = make_read_only(m);
+                        if (r < 0)
+                                goto fail;
+                }
         }
 
-        /* Remount / as the desired mode */
+        /* Remount / as the desired mode. Not that this will not
+         * reestablish propagation from our side to the host, since
+         * what's disconnected is disconnected. */
         if (mount(NULL, "/", NULL, mount_flags | MS_REC, NULL) < 0) {
                 r = -errno;
                 goto fail;
@@ -413,9 +417,11 @@ int setup_namespace(
         return 0;
 
 fail:
-        for (m = mounts; m < mounts + n; ++m)
-                if (m->done)
-                        umount2(m->path, MNT_DETACH);
+        if (n > 0) {
+                for (m = mounts; m < mounts + n; ++m)
+                        if (m->done)
+                                umount2(m->path, MNT_DETACH);
+        }
 
         return r;
 }
author	Lennart Poettering <lennart@poettering.net>	2014-03-20 04:16:39 +0100
committer	Lennart Poettering <lennart@poettering.net>	2014-03-20 04:16:39 +0100
commit	c2c13f2df42e0691aecabe3979ea81cd7faa35c7 (patch)
tree	8a0930ab83eac1e5c10ccb0c8d41d615e21a4c51 /src/core/namespace.c
parent	b5640d824565ac4e305714598d4828de21ceaea1 (diff)