authorLennart Poettering <lennart@poettering.net>2019-07-24 17:32:09 +0200
committerLennart Poettering <lennart@poettering.net>2019-07-29 09:52:02 +0200
commitb35ca61ae27172a453faf6541d2d327bf8b0629a (patch)
treeaeb9265b2a2a5ee4bde2440c704ec12444090fb4 /src/nspawn
parent08b5953997864ffebf4fa21a04c60f6beebfaca7 (diff)
nspawn: allow --volatile=yes instances of -D /
Diffstat (limited to 'src/nspawn')
-rw-r--r--src/nspawn/nspawn.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index fed5c651ce..2542888c1e 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -4740,8 +4740,12 @@ static int run(int argc, char *argv[]) {
if (arg_directory) {
assert(!arg_image);
- if (path_equal(arg_directory, "/") && !arg_ephemeral) {
- log_error("Spawning container on root directory is not supported. Consider using --ephemeral.");
+ /* Safety precaution: let's not allow running images from the live host OS image, as long as
+ * /var from the host will propagate into container dynamically (because bad things happen if
+ * two systems write to the same /var). Let's allow it for the special cases where /var is
+ * either copied (i.e. --ephemeral) or replaced (i.e. --volatile=yes|state). */
+ if (path_equal(arg_directory, "/") && !(arg_ephemeral || IN_SET(arg_volatile_mode, VOLATILE_YES, VOLATILE_STATE))) {
+ log_error("Spawning container on root directory is not supported. Consider using --ephemeral, --volatile=yes or --volatile=state.");
r = -EINVAL;
goto finish;
}
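Review bot: The relaxed guard on the `path_equal(arg_directory, "/")` line still keys on the path as given, and nothing in this hunk shows whether `arg_directory` has been canonicalized by this point; if it has not, a directory that merely resolves to the host root would not be covered by the precaution, whatever `--ephemeral` or `--volatile=` say. That comparison predates this commit, but the new comment now spells out the invariant (two systems must not write to the same /var), so it is worth confirming where normalization happens and recording it there, e.g. `* arg_directory is expected to be normalized before this check. */`. As a style point, the new `log_error(...)` followed by the unchanged `r = -EINVAL;` could be folded into `r = log_error_errno(SYNTHETIC_ERRNO(EINVAL), "...");` if this tree already provides that macro. run() begins and ends outside the hunk, so the surrounding setup of `arg_directory` and `arg_volatile_mode` is not visible here.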