nspawn: only remount /usr/ with idmap when --volatile=yes

The root directory is already mounted with a picked UID shift, hence
it is not necessary to remount with idmap. However, /usr/ is a bind-mount,
hence it must be remounted with idmap.

With this change, now '-U --volatile=yes' works fine.

Fixes #34254.

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 655dc7c697646d5b2696e84b98c94b7d414166a9..ec73e427091e7c4923234963a5b80752ded6579a 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3995,11 +3995,14 @@ static int outer_child(
             arg_uid_shift != 0) {
                 _cleanup_strv_free_ char **dirs = NULL;
 
-                r = strv_extend(&dirs, directory);
-                if (r < 0)
-                        return log_oom();
+                if (arg_volatile_mode != VOLATILE_YES) {
+                        r = strv_extend(&dirs, directory);
+                        if (r < 0)
+                                return log_oom();
+                }
 
-                if (dissected_image && dissected_image->partitions[PARTITION_USR].found) {
+                if ((dissected_image && dissected_image->partitions[PARTITION_USR].found) ||
+                    arg_volatile_mode == VOLATILE_YES) {
                         char *s = path_join(directory, "/usr");
                         if (!s)
                                 return log_oom();