From: Topi Miettinen <toiwoton@gmail.com>
Date: Tue, 7 Dec 2021 20:34:17 +0000 (+0200)
Subject: namespace: allow overriding /run with a TemporaryFileSystem=
X-Git-Tag: v250-rc3~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=124139859e505c630aec6605d3c5ec923f531e24;p=thirdparty%2Fsystemd.git

namespace: allow overriding /run with a TemporaryFileSystem=

Lower priority of RUN, so that TMPFS and especially the mount flags given with
`TemporaryFileSystem=` are used.

This allows making `/run` private with drop-ins such as:
```
[Service]
BindReadOnlyPaths=/run/systemd:/run/systemd:norbind
TemporaryFileSystem=/run:nodev,noexec,nosuid,rw,size=32k,nr_inodes=10,mode=0755
```
---

diff --git a/src/core/namespace.c b/src/core/namespace.c
index 9c8a5fdde20..c549dcc96be 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -57,12 +57,12 @@ typedef enum MountMode {
         EMPTY_DIR,
         SYSFS,
         PROCFS,
-        RUN,
         READONLY,
         READWRITE,
         NOEXEC,
         EXEC,
         TMPFS,
+        RUN,
         EXTENSION_IMAGES, /* Mounted outside the root directory, and used by subsequent mounts */
         MQUEUEFS,
         READWRITE_IMPLICIT, /* Should have the lowest priority. */