]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9ebdb1e) | patch
nspawn: Don't remount with fewer options 428/head
authorRichard Maw <richard.maw@codethink.co.uk>
Tue, 30 Jun 2015 13:21:14 +0000 (13:21 +0000)
committerRichard Maw <richard.maw@codethink.co.uk>
Tue, 30 Jun 2015 14:05:03 +0000 (14:05 +0000)
commit3c59d4f21f714838ce0c28b2a4ff305e56a4a342
treef5587ef0b770713bf433acf83c395ce8e31be077tree | snapshot
parent9ebdb1e057045d2b96f5980c61667cd41914177bcommit | diff
nspawn: Don't remount with fewer options

When we do a MS_BIND mount, it inherits the flags of its parent mount.
When we do a remount, it sets the flags to exactly what is specified.
If we are in a user namespace then these mount points have their flags
locked, so you can't reduce the protection.

As a consequence, the default setup of mount_all doesn't work with user
namespaces. However if we ensure we add the mount flags of the parent
mount when remounting, then we aren't removing mount options, so we
aren't trying to unlock an option that we aren't allowed to.
src/nspawn/nspawn.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.