core: do not make private /dev/ read-only too soon

The read-only bit is flipped after setting up all the mounts, so that bind mounts can be added. Remove the early config, and add a unit test. Fixes https://github.com/systemd/systemd/issues/30372
2026-04-14 00:14:32 +09:00 · 2023-12-07 22:19:11 +00:00
parent 0122c7d060
commit ae7482b994
3 changed files with 12 additions and 5 deletions
--- a/test/test-execute/exec-privatedevices-bind.service
+++ b/test/test-execute/exec-privatedevices-bind.service
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for PrivateDevices=yes with a bind mounted device
+
+[Service]
+ExecStart=/bin/sh -c 'test -c /dev/kmsg'
+ExecStart=/bin/sh -c 'test ! -w /dev/'
+Type=oneshot
+PrivateDevices=yes
+BindPaths=/dev/kmsg