From: Daan De Meyer <daan@amutable.com>
Date: Mon, 23 Mar 2026 20:58:28 +0000 (+0100)
Subject: vmspawn: Drop --sandbox=chroot from virtiofsd command line
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da580dc1613592064dafe2fbae229a90f65986b8;p=thirdparty%2Fsystemd.git

vmspawn: Drop --sandbox=chroot from virtiofsd command line

It's unclear why I added this in fd05c6c7593c5e36864d8784df91b878bbf991ab,
but it breaks bind mounting regular directories via --bind,
so drop it again since it's not actually required to make virtiofsd
work with the foreign UID range.
---

diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c
index cacfc15f7e7..c114693d911 100644
--- a/src/vmspawn/vmspawn.c
+++ b/src/vmspawn/vmspawn.c
@@ -1558,7 +1558,6 @@ static int start_virtiofsd(
                         "--shared-dir", source_uid == FOREIGN_UID_MIN ? "/run/systemd/mount-rootfs" : directory,
                         "--xattr",
                         "--fd", sockstr,
-                        "--sandbox=chroot",
                         "--no-announce-submounts");
         if (!argv)
                 return log_oom();