Merge pull request #12106 from poettering/nosuidns

add "nosuid" flag to exec directory mounts of DynamicUser=1 services

1 files changed, 3 insertions, 3 deletions

diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index 81e3065227..42153c5a11 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -731,7 +731,7 @@ static int mount_bind(const char *dest, CustomMount *m) {
                 return r;
 
         if (m->read_only) {
-                r = bind_remount_recursive(where, true, NULL);
+                r = bind_remount_recursive(where, MS_RDONLY, MS_RDONLY, NULL);
                 if (r < 0)
                         return log_error_errno(r, "Read-only bind mount failed: %m");
         }
@@ -939,7 +939,7 @@ static int setup_volatile_state(
 
         /* --volatile=state means we simply overmount /var with a tmpfs, and the rest read-only. */
 
-        r = bind_remount_recursive(directory, true, NULL);
+        r = bind_remount_recursive(directory, MS_RDONLY, MS_RDONLY, NULL);
         if (r < 0)
                 return log_error_errno(r, "Failed to remount %s read-only: %m", directory);
 
@@ -1005,7 +1005,7 @@ static int setup_volatile_yes(
 
         bind_mounted = true;
 
-        r = bind_remount_recursive(t, true, NULL);
+        r = bind_remount_recursive(t, MS_RDONLY, MS_RDONLY, NULL);
         if (r < 0) {
                 log_error_errno(r, "Failed to remount %s read-only: %m", t);
                 goto fail;