nspawn: mount /tmp in the container, don't leave this to the containe…

…r's init We really want /tmp to be properly mounted, especially in containers that lack CAP_SYS_ADMIN or that are not fully booted up and only get a shell, hence let's do so in nspawn already.
systemd · Jan 23, 2015 · bbb99c3 · bbb99c3
1 parent 05e7da5
commit bbb99c3
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
@@ -816,6 +816,7 @@ static int mount_all(const char *dest) {
                 { "devpts",    "/dev/pts",  "devpts","newinstance,ptmxmode=0666,mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, true },
                 { "tmpfs",     "/dev/shm",  "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME,      true  },
                 { "tmpfs",     "/run",      "tmpfs", "mode=755",  MS_NOSUID|MS_NODEV|MS_STRICTATIME,      true  },
+                { "tmpfs",     "/tmp",      "tmpfs", "mode=1777", MS_STRICTATIME,                         true  },
 #ifdef HAVE_SELINUX
                 { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND,                              false },  /* Bind mount first */
                 { NULL,              "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT,         false },  /* Then, make it r/o */