author | Colin Walters <walters@verbum.org> | 2015-09-06 11:32:23 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2015-09-06 11:32:23 -0400 |
commit | d5d3074a8278796eeafd5e218811548447affe06 (patch) | |
tree | 4af216e4044704a8685b29fe66330478a1ff96e3 | |
parent | 6f74ad47f36f791209ef6a25d3ab44d94a8ce93d (diff) | |
download | linux-user-chroot-d5d3074a8278796eeafd5e218811548447affe06.tar.gz |
core: Update comment for private/slave mode of / mount
-rw-r--r-- | src/linux-user-chroot.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/linux-user-chroot.c b/src/linux-user-chroot.c
index 8c8120f..4c9dbbb 100644
--- a/src/linux-user-chroot.c
+++ b/src/linux-user-chroot.c
@@ -360,10 +360,11 @@ main (int argc,
 if (prctl (PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
 fatal_errno ("prctl (PR_SET_NO_NEW_PRIVS)");
- /* This is necessary to undo the damage "sandbox" creates on Fedora
- * by making / a shared mount instead of private. This isn't
- * totally correct because the targets for our bind mounts may still
- * be shared, but really, Fedora's sandbox is broken.
+ /* The rootfs propagation by default will be private, because
+ * systemd sets it up that way. However, some utilities will make it
+ * shared, e.g. the "sandbox" tool on Fedora.
+ *
+ * If it is shared, then we can't use MS_MOVE to switch root.
 */
 if (mount (NULL, "/", "none", MS_PRIVATE | MS_REC, NULL) < 0)
 fatal_errno ("mount(/, MS_PRIVATE | MS_REC)"); |
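Review bot: The rewritten comment above `mount (NULL, "/", "none", MS_PRIVATE | MS_REC, NULL)` explains only the MS_MOVE constraint and drops the old caveat that bind-mount targets may still be shared, so a reader cannot tell whether MS_REC is meant to cover that case. Because this call decides propagation for everything mounted afterwards, I would also state the isolation effect, e.g. add `* MS_REC applies this to every mount below /, so nothing we mount later propagates back to the parent namespace.` This assumes a new mount namespace was unshared earlier in main, which is outside the hunk. The commit title mentions slave mode while the code and comment use only MS_PRIVATE; if MS_SLAVE was considered, a short clause on why private was chosen would help. main's body starts and ends outside the hunk.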