summaryrefslogtreecommitdiff
path: root/src/nspawn
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2012-08-13 16:25:03 +0200
committerLennart Poettering <lennart@poettering.net>2012-08-13 16:25:03 +0200
commit1e41be20158a6d982c34cea20e66ff271302abc5 (patch)
treeac68ed66280435db1883b984268ae9b19d44d455 /src/nspawn
parentaed5a525777be452c8a451793cf9c16990ac5515 (diff)
nspawn,namespaces: make sure we recursively bind mount things in
We want to make sure that everything from the host is also visible in the sandbox.
Diffstat (limited to 'src/nspawn')
-rw-r--r--src/nspawn/nspawn.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 78b5602e58..7d188f0712 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1187,13 +1187,13 @@ int main(int argc, char *argv[]) {
}
/* Turn directory into bind mount */
- if (mount(arg_directory, arg_directory, "bind", MS_BIND, NULL) < 0) {
+ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REC, NULL) < 0) {
log_error("Failed to make bind mount.");
goto child_fail;
}
if (arg_read_only)
- if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL) < 0) {
log_error("Failed to make read-only.");
goto child_fail;
}