nspawn: decouple --boot from CLONE_NEWIPC (#4180)

This commit is a minor tweak after the split of `--share-system`, decoupling the `--boot` option from IPC namespacing. Historically there has been a single `--share-system` option for sharing IPC/PID/UTS with the host, which was incompatible with boot/pid1 mode. After the split, it is now possible to express the requirements with better granularity. For reference, this is a followup to #4023 which contains references to previous discussions. I realized too late that CLONE_NEWIPC is not strictly needed for boot mode.
author: Luca Bruno <luca.bruno@coreos.com> 2016-09-24 12:30:42 +0000
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2016-09-24 08:30:42 -0400
commit: 48a8d337a62cfa444769dfb8b1a7857fd8fb50e6 (patch)
tree: 0024087eb8dda4a25202ad0b58a53ad2f0fe632e /src/nspawn/nspawn.c
parent: a4d373452dc71d8a4e03608e7b64de0923042df8 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 632c12898f..0d61d34ebf 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1045,7 +1045,8 @@ static int parse_argv(int argc, char *argv[]) {
         parse_share_ns_env("SYSTEMD_NSPAWN_SHARE_NS_UTS", CLONE_NEWUTS);
         parse_share_ns_env("SYSTEMD_NSPAWN_SHARE_SYSTEM", CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWUTS);
 
-        if (arg_clone_ns_flags != (CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWUTS)) {
+        if (!(arg_clone_ns_flags & CLONE_NEWPID) ||
+            !(arg_clone_ns_flags & CLONE_NEWUTS)) {
                 arg_register = false;
                 if (arg_start_mode != START_PID1) {
                         log_error("--boot cannot be used without namespacing.");
author	Luca Bruno <luca.bruno@coreos.com>	2016-09-24 12:30:42 +0000
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2016-09-24 08:30:42 -0400
commit	48a8d337a62cfa444769dfb8b1a7857fd8fb50e6 (patch)
tree	0024087eb8dda4a25202ad0b58a53ad2f0fe632e /src/nspawn/nspawn.c
parent	a4d373452dc71d8a4e03608e7b64de0923042df8 (diff)