namespace: allow overriding /run with a TemporaryFileSystem=

Lower priority of RUN, so that TMPFS and especially the mount flags given with
`TemporaryFileSystem=` are used.

This allows making `/run` private with drop-ins such as:
```
[Service]
BindReadOnlyPaths=/run/systemd:/run/systemd:norbind
TemporaryFileSystem=/run:nodev,noexec,nosuid,rw,size=32k,nr_inodes=10,mode=0755
```

diff --git a/src/core/namespace.c b/src/core/namespace.c
index 9c8a5fdde2085bf6bea00671a780a2194749b7ef..c549dcc96be4d19d0df6e9541da160dace34b401 100644 (file)
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -57,12 +57,12 @@ typedef enum MountMode {
         EMPTY_DIR,
         SYSFS,
         PROCFS,
-        RUN,
         READONLY,
         READWRITE,
         NOEXEC,
         EXEC,
         TMPFS,
+        RUN,
         EXTENSION_IMAGES, /* Mounted outside the root directory, and used by subsequent mounts */
         MQUEUEFS,
         READWRITE_IMPLICIT, /* Should have the lowest priority. */