author | Lennart Poettering <lennart@poettering.net> | 2014-03-20 04:16:39 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-03-20 04:16:39 +0100 |
commit | c2c13f2df42e0691aecabe3979ea81cd7faa35c7 (patch) | |
tree | 8a0930ab83eac1e5c10ccb0c8d41d615e21a4c51 /src | |
parent | b5640d824565ac4e305714598d4828de21ceaea1 (diff) |
unit: turn off mount propagation for udevd
Keep mounts done by udev rules private to udevd. Also, document how
MountFlags= may be used for this.
Diffstat (limited to 'src')
-rw-r--r-- | src/core/load-fragment.c | 10 | ||||
-rw-r--r-- | src/core/namespace.c | 40 |
2 files changed, 27 insertions, 23 deletions
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 1c7ac75dd8..fa4e931b23 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1125,15 +1125,13 @@ int config_parse_exec_mount_flags(const char *unit,
 return log_oom();
 if (streq(t, "shared"))
- flags |= MS_SHARED;
+ flags = MS_SHARED;
 else if (streq(t, "slave"))
- flags |= MS_SLAVE;
+ flags = MS_SLAVE;
 else if (streq(w, "private"))
- flags |= MS_PRIVATE;
+ flags = MS_PRIVATE;
 else {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL,
- "Failed to parse mount flag %s, ignoring: %s",
- t, rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse mount flag %s, ignoring: %s", t, rvalue);
 return 0;
 }
 }
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 4cbb0a1565..9f15211cb6 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
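Review bot: In src/core/load-fragment.c the `private` branch still compares `w` instead of `t` (`else if (streq(w, "private"))`), while the `shared` and `slave` branches test the copied word `t`. The loop that sets `w` and `t` is outside the hunk, but if `w` is the unterminated pointer into `rvalue`, as the `t` copy suggests, `MountFlags=private` matches only when it is the final word. Otherwise it lands in the "Failed to parse mount flag" branch and the unit runs without the propagation setting that was requested. Suggest `else if (streq(t, "private"))`. Separately, changing `|=` to `=` makes the last listed word win silently, so a short comment saying that, or rejecting more than one word, would make the behaviour explicit.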
@@ -387,24 +387,28 @@ int setup_namespace(
 drop_duplicates(mounts, &n);
 }
- /* Remount / as SLAVE so that nothing now mounted in the namespace
- shows up in the parent */
- if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
- return -errno;
+ if (n > 0) {
+ /* Remount / as SLAVE so that nothing now mounted in the namespace
+ shows up in the parent */
+ if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
+ return -errno;
- for (m = mounts; m < mounts + n; ++m) {
- r = apply_mount(m, tmp_dir, var_tmp_dir);
- if (r < 0)
- goto fail;
- }
+ for (m = mounts; m < mounts + n; ++m) {
+ r = apply_mount(m, tmp_dir, var_tmp_dir);
+ if (r < 0)
+ goto fail;
+ }
- for (m = mounts; m < mounts + n; ++m) {
- r = make_read_only(m);
- if (r < 0)
- goto fail;
+ for (m = mounts; m < mounts + n; ++m) {
+ r = make_read_only(m);
+ if (r < 0)
+ goto fail;
+ }
 }
- /* Remount / as the desired mode */
+ /* Remount / as the desired mode. Not that this will not
+ * reestablish propagation from our side to the host, since
+ * what's disconnected is disconnected. */
 if (mount(NULL, "/", NULL, mount_flags | MS_REC, NULL) < 0) {
 r = -errno;
 goto fail;
@@ -413,9 +417,11 @@ int setup_namespace(
 return 0;
 fail:
- for (m = mounts; m < mounts + n; ++m)
- if (m->done)
- umount2(m->path, MNT_DETACH);
+ if (n > 0) {
+ for (m = mounts; m < mounts + n; ++m)
+ if (m->done)
+ umount2(m->path, MNT_DETACH);
+ }
 return r;
 }
|
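Review bot: The new comment on the final remount ("what's disconnected is disconnected") only holds when the `if (n > 0)` branch ran, because the `MS_SLAVE|MS_REC` remount that does the disconnecting is now skipped when `n == 0`. In that case a `mount_flags` of `MS_SHARED` is applied to a root that was never made slave, so, assuming the namespace was unshared from a shared root (that happens outside this hunk), mounts made by the service would presumably still propagate to the host. If that is intended, the comment should say so and fix the "Not that" typo, e.g. `/* Remount / as the desired mode. Note that if / was made a slave above (n > 0), this does not reestablish propagation to the host. */`. The body of setup_namespace starts and ends outside this hunk.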