nspawn,namespaces: make sure we recursively bind mount things in

We want to make sure that everything from the host is also visible in the sandbox.
author: Lennart Poettering <lennart@poettering.net> 2012-08-13 16:25:03 +0200
committer: Lennart Poettering <lennart@poettering.net> 2012-08-13 16:25:03 +0200
commit: 1e41be20158a6d982c34cea20e66ff271302abc5 (patch)
tree: ac68ed66280435db1883b984268ae9b19d44d455 /src/core/namespace.c
parent: aed5a525777be452c8a451793cf9c16990ac5515 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 5c2a24653c..ba18ddc5b0 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -156,7 +156,7 @@ static int apply_mount(
 
         assert(what);
 
-        r = mount(what, p->path, NULL, MS_BIND, NULL);
+        r = mount(what, p->path, NULL, MS_BIND|MS_REC, NULL);
         if (r >= 0)
                 log_debug("Successfully mounted %s to %s", what, p->path);
 
@@ -171,7 +171,7 @@ static int make_read_only(Path *p) {
         if (p->mode != INACCESSIBLE && p->mode != READONLY)
                 return 0;
 
-        r = mount(NULL, p->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL);
+        r = mount(NULL, p->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL);
         if (r < 0)
                 return -errno;
author	Lennart Poettering <lennart@poettering.net>	2012-08-13 16:25:03 +0200
committer	Lennart Poettering <lennart@poettering.net>	2012-08-13 16:25:03 +0200
commit	1e41be20158a6d982c34cea20e66ff271302abc5 (patch)
tree	ac68ed66280435db1883b984268ae9b19d44d455 /src/core/namespace.c
parent	aed5a525777be452c8a451793cf9c16990ac5515 (diff)