summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-01-23 01:43:16 +0100
committerLennart Poettering <lennart@poettering.net>2015-01-23 01:43:16 +0100
commitc0534580aca48c65a5f240b093f8d0cc33eb98b9 (patch)
treeed23c6fd1aefcf72a4a473a5489fdf159b504df3 /src
parentbbb99c30d01a8bcdc27fb151cc6376a7877a6b07 (diff)
nspawn: when mounting the cgroup hierarchies, use the exact same mount options for the superblock as the host
Otherwise we'll generate kernel runtime warnings about non-matching mount options.
Diffstat (limited to 'src')
-rw-r--r--src/nspawn/nspawn.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 4e465dfe4f..2beb810e5d 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -972,9 +972,17 @@ static int mount_cgroup_hierarchy(const char *dest, const char *controller, cons
mkdir_p(to, 0755);
- if (mount("cgroup", to, "cgroup", MS_NOSUID|MS_NOEXEC|MS_NODEV|(read_only ? MS_RDONLY : 0), controller) < 0)
+ /* The superblock mount options of the mount point need to be
+ * identical to the hosts', and hence writable... */
+ if (mount("cgroup", to, "cgroup", MS_NOSUID|MS_NOEXEC|MS_NODEV, controller) < 0)
return log_error_errno(errno, "Failed to mount to %s: %m", to);
+ /* ... hence let's only make the bind mount read-only, not the
+ * superblock. */
+ if (read_only) {
+ if (mount(NULL, to, NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, NULL) < 0)
+ return log_error_errno(errno, "Failed to remount %s read-only: %m", to);
+ }
return 1;
}
@@ -1044,7 +1052,7 @@ static int mount_cgroup(const char *dest) {
}
}
- r = mount_cgroup_hierarchy(dest, "name=systemd", "systemd", false);
+ r = mount_cgroup_hierarchy(dest, "name=systemd,xattr", "systemd", false);
if (r < 0)
return r;