diff options
author | Lennart Poettering <lennart@poettering.net> | 2012-08-13 15:23:10 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-08-13 15:23:10 +0200 |
commit | 6f67a45d8e61d69bf4f75e1da3edcf9fe7d89982 (patch) | |
tree | c607e0d541deef5ac528345202abbd5b3a87b242 /src/nspawn | |
parent | f47fc35555565c4b161c2e44b357b4dbaf3a997d (diff) |
nspawn: inherit mounts from real root, don't propagate mounts to real root
Diffstat (limited to 'src/nspawn')
-rw-r--r-- | src/nspawn/nspawn.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index b9fa02dc76..df858a57e6 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1178,9 +1178,11 @@ int main(int argc, char *argv[]) { goto child_fail; } - /* Mark / as private, in case somebody marked it shared */ - if (mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL) < 0) { - log_error("MS_PRIVATE|MS_REC failed: %m"); + /* Mark everything as slave, so that we still + * receive mounts from the real root, but don't + * propagate mounts to the real root. */ + if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) { + log_error("MS_SLAVE|MS_REC failed: %m"); goto child_fail; } @@ -1224,8 +1226,8 @@ int main(int argc, char *argv[]) { goto child_fail; } - if (mount(arg_directory, "/", "bind", MS_MOVE, NULL) < 0) { - log_error("mount(MS_BIND) failed: %m"); + if (mount(arg_directory, "/", NULL, MS_MOVE, NULL) < 0) { + log_error("mount(MS_MOVE) failed: %m"); goto child_fail; } |