[systemd-devel] Question about nspawn.c
Stef Bon
stefbon at gmail.com
Mon Aug 22 07:15:29 PDT 2011
Hi,
I'm looking into developing a pam module which creates a new namespace
and a chroot.
It's doing at the same time what pam_script, pam_chroot and
pam_namespace do, but then in one module.
I'm using nspawn.c to look how it does a chroot, mounting the
different important system directories.
I'm using the unshare system call instead of clone.
I've got a question about a command in nspawn.c, at line 775:
mount(arg_directory, "/", "bind", MS_BIND | MS_MOVE, NULL)
(systemd 3.3)
Why the combination MS_BIND | MS_MOVE here?
A move is a little bit confusing, since it is a move of the root while the
subdirectories are already mounted.
It looks a bit more like it is there to make the new namespace consistent or something like that.
Can someone explain this?
Thanks in advance.
Stef Bon
the Netherlands
btw I know what a bind mount is, but the combination MS_BIND | MS_MOVE
in this context is the issue.