On Thu, 02.10.14 09:57, Michal Sekletar (msekl...@redhat.com) wrote: > #define FINALIZE_ATTEMPTS 50 > > @@ -207,7 +208,11 @@ int main(int argc, char *argv[]) { > > in_container = detect_container(NULL) > 0; > > - need_umount = true; > + if (in_container && !have_effective_cap(CAP_SYS_ADMIN)) > + need_umount = false; > + else > + need_umount = true; > + > need_swapoff = !in_container; > need_loop_detach = !in_container; > need_dm_detach = !in_container;
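Review bot: In the main() hunk, the new if/else makes need_umount the only flag in this group that depends on a capability check, while need_swapoff, need_loop_detach and need_dm_detach directly below are plain "!in_container", and nothing in the hunk says why. Consider collapsing the four lines into one assignment, "need_umount = !in_container || have_effective_cap(CAP_SYS_ADMIN);", with a short comment stating that unmounting requires CAP_SYS_ADMIN and is therefore skipped in a container that lacks it. If have_effective_cap() can return a negative error code, the "!" treats that error as the capability being present, so the return value should be checked explicitly.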
Hmm, I think we should just do "need_umount = !in_container", like we do for the other things like loopback detaching, dm detaching or swapoff. After all, if we run in a container we run in a mount namespace anyway, so unmounting things is done by the kernel implicitly if the namespace dies. At least in theory this means we can simply skip the unmounting in all containers, but I must admit that I am not entirely clear on this one, so this needs to be tested in the common container managers really, I figure...

Lennart

--
Lennart Poettering, Red Hat