propagate_dir,
incoming_dir,
root_dir || root_image ? params->notify_socket : NULL,
- DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK|DISSECT_IMAGE_USR_NO_ROOT,
error_path);
/* If we couldn't set up the namespace this is probably due to a missing capability. setup_namespace() reports
const char *propagate_dir,
const char *incoming_dir,
const char *notify_socket,
- DissectImageFlags dissect_image_flags,
char **error_path) {
_cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
MountEntry *m = NULL, *mounts = NULL;
bool require_prefix = false, setup_propagate = false;
const char *root, *extension_dir = "/run/systemd/unit-extensions";
+ DissectImageFlags dissect_image_flags =
+ DISSECT_IMAGE_GENERIC_ROOT |
+ DISSECT_IMAGE_REQUIRE_ROOT |
+ DISSECT_IMAGE_DISCARD_ON_LOOP |
+ DISSECT_IMAGE_RELAX_VAR_CHECK |
+ DISSECT_IMAGE_FSCK |
+ DISSECT_IMAGE_USR_NO_ROOT;
size_t n_mounts;
int r;
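Review bot: The new initializer for `dissect_image_flags` sets `DISSECT_IMAGE_GENERIC_ROOT | DISSECT_IMAGE_REQUIRE_ROOT` unconditionally, whereas the line removed in the later hunk OR'ed them in only under `if (root_image)`. The two are equivalent only if the variable is never read outside the root-image branch, which cannot be confirmed here because the body of setup_namespace() continues past this hunk. If that holds, declaring the variable inside the `if (root_image)` block would make the scope explicit and keep the root-image dissection policy from being picked up by another image mount by accident. Since callers can no longer pass these flags, a short comment above the declaration would document the intent, e.g. `/* Fixed dissection policy for the root image: a root partition is required and fsck runs before mounting; not caller-configurable. */`.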
mount_flags = MS_SHARED;
if (root_image) {
- dissect_image_flags |= DISSECT_IMAGE_GENERIC_ROOT | DISSECT_IMAGE_REQUIRE_ROOT;
-
/* Make the whole image read-only if we can determine that we only access it in a read-only fashion. */
if (root_read_only(read_only_paths,
ns_info->protect_system) &&
const char *propagate_dir,
const char *incoming_dir,
const char *notify_socket,
- DissectImageFlags dissected_image_flags,
char **error_path);
#define RUN_SYSTEMD_EMPTY "/run/systemd/empty"