Based on 664064d60c36e1f62c7e9177e4c7498035467e07 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 3 Jul 2014 16:27:57 +0200
Subject: [PATCH] namespace: make sure /tmp, /var/tmp and /dev are writable in namespaces we set up
---
 src/core/namespace.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
--- src/core/namespace.c
+++ src/core/namespace.c 2014-07-04 09:55:21.582234949 +0000
@@ -263,14 +263,17 @@ static int make_read_only(BindMount *m)
 assert(m);
- if (m->mode != INACCESSIBLE && m->mode != READONLY)
- return 0;
+ if (IN_SET(m->mode, INACCESSIBLE, READONLY))
+ r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL);
+ else if (IN_SET(m->mode, READWRITE, PRIVATE_TMP, PRIVATE_VAR_TMP, PRIVATE_DEV))
+ r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_REC, NULL);
+ else
+ r = 0;
- r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL);
 if (r < 0 && !(m->ignore && errno == ENOENT))
 return -errno;
- return 0;
+ return r;
 }
 int setup_namespace(
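Review bot: The new `return r;` at the end of make_read_only makes the `ignore` flag ineffective: when mount() fails with ENOENT on an entry marked ignore, the guard skips the `return -errno`, but the function now returns r, which is mount()'s -1, where the replaced line returned 0. If the caller in setup_namespace (outside the hunk) treats any negative return as failure, an ignorable missing path now aborts namespace setup; the last line should stay `return 0;`. Separately, the new READWRITE/PRIVATE_* branch remounts with only `MS_BIND|MS_REMOUNT|MS_REC`; a bind remount sets the per-mount-point flags to exactly the set passed, so any nosuid/nodev/noexec that /tmp, /var/tmp or /dev already carried would, as far as I can tell, be cleared by this call. Worth confirming against the kernel version targeted and, if so, reading the mount's existing flags and re-applying them alongside the remount.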