From 1e41be20158a6d982c34cea20e66ff271302abc5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Mon, 13 Aug 2012 16:25:03 +0200
Subject: nspawn,namespaces: make sure we recursively bind mount things in

We want to make sure that everything from the host is also visible in the sandbox.
---
 src/nspawn/nspawn.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/nspawn')

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 78b5602e58..7d188f0712 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1187,13 +1187,13 @@ int main(int argc, char *argv[]) {
 }
 
 /* Turn directory into bind mount */
- if (mount(arg_directory, arg_directory, "bind", MS_BIND, NULL) < 0) {
+ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REC, NULL) < 0) {
 log_error("Failed to make bind mount.");
 goto child_fail;
 }
 
 if (arg_read_only)
- if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+ if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL) < 0) {
 log_error("Failed to make read-only.");
 goto child_fail;
 }
-- cgit v1.2.3-54-g00ecf
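Review bot: The read-only remount under `if (arg_read_only)` very likely still covers only the top-level mount, because as far as I know the kernel does not honour `MS_REC` together with `MS_REMOUNT|MS_BIND`. Now that the first `mount()` is recursive, any submounts it brings in below `arg_directory` would stay writable in a container that was asked to be read-only, which weakens the sandbox guarantee. To close that gap, each mount point below `arg_directory` would need its own `MS_BIND|MS_REMOUNT|MS_RDONLY` call, for example by walking `/proc/self/mountinfo`. Until then, a comment such as `/* NOTE: remount affects only this mount; submounts from MS_REC may remain writable */` should sit above the second call. Separately, both `log_error()` messages drop errno, so `log_error("Failed to make read-only: %m");` would help diagnosis. The body of `main()` starts and ends outside this hunk.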