From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 12 Dec 2016 18:46:56 +0000 (+0100)
Subject: nspawn: restore --volatile=yes support
X-Git-Tag: v233~237^2~26
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4ad14eff19f644fe632adf6ecc292a8e88540801;p=thirdparty%2Fsystemd.git

nspawn: restore --volatile=yes support

This was broken by 19caffac75a2590a0c5ebc2a0214960f8188aec7 which remounted the
root directory to MS_SHARED before applying the volatile mount logic. This
broke things as MS_MOVE is incompatible with MS_SHARED directory trees, and we
need MS_MOVE in the volatile mount logic to rearrange the directory tree.
Simply swap the order here, apply the volatile logic before we switch to
MS_SHARED.
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 2e879d7d7f2..01d89df1a4f 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2470,20 +2470,6 @@ static int outer_child(
         if (r < 0)
                 return r;
 
-        /* Mark everything as shared so our mounts get propagated down. This is
-         * required to make new bind mounts available in systemd services
-         * inside the containter that create a new mount namespace.
-         * See https://github.com/systemd/systemd/issues/3860
-         * Further submounts (such as /dev) done after this will inherit the
-         * shared propagation mode.*/
-        r = mount_verbose(LOG_ERR, NULL, directory, NULL, MS_SHARED|MS_REC, NULL);
-        if (r < 0)
-                return r;
-
-        r = recursive_chown(directory, arg_uid_shift, arg_uid_range);
-        if (r < 0)
-                return r;
-
         r = setup_volatile(
                         directory,
                         arg_volatile_mode,
@@ -2504,6 +2490,20 @@ static int outer_child(
         if (r < 0)
                 return r;
 
+        /* Mark everything as shared so our mounts get propagated down. This is
+         * required to make new bind mounts available in systemd services
+         * inside the containter that create a new mount namespace.
+         * See https://github.com/systemd/systemd/issues/3860
+         * Further submounts (such as /dev) done after this will inherit the
+         * shared propagation mode.*/
+        r = mount_verbose(LOG_ERR, NULL, directory, NULL, MS_SHARED|MS_REC, NULL);
+        if (r < 0)
+                return r;
+
+        r = recursive_chown(directory, arg_uid_shift, arg_uid_range);
+        if (r < 0)
+                return r;
+
         r = base_filesystem_create(directory, arg_uid_shift, (gid_t) arg_uid_shift);
         if (r < 0)
                 return r;