author: Alan Jenkins <alan.christopher.jenkins@gmail.com> 2018-09-14 12:57:57 +0200
committer: Lennart Poettering <lennart@poettering.net> 2018-10-05 17:38:38 +0200
commit: 923f9101157f63c99c08585f690c86a02aa4d626 (patch)
tree: b9452812ec76b452fcaccf53341d11022c563cdf /man/systemd.exec.xml
parent: Merge pull request #10094 from keszybz/wants-loading (diff)
man/systemd.exec: MountFlags=shared behaviour was changed (fixed?)
The behaviour described *was* observed on Fedora 28 (systemd-238-9.git0e0aa59), with and without SELinux. I don't actually know why though! It contradicts my understanding of the code, including an explicit comment in the code.

Testing in a VM upgraded to v239-792-g1327f272d, this behaviour goes away.

Test case:

    # /etc/systemd/system/mount-test.service
    [Service]
    MountFlags=shared
    Type=oneshot
    ExecStart=/usr/bin/ls -l /proc/1/ns/mnt /proc/self/ns/mnt
    ExecStart=/usr/bin/grep ext4 /proc/self/mountinfo

Weird old behaviour: new mount namespace but / is fully shared.

    lrwxrwxrwx. 1 root root 0 Sep 14 11:18 /proc/1/ns/mnt -> mnt:[4026531840]
    lrwxrwxrwx. 1 root root 0 Sep 14 11:48 /proc/self/ns/mnt -> mnt:[4026532851]
    968 967 253:0 / / rw,relatime shared:1 - ext4 /dev/mapper/alan_dell_2016...

Current behaviour: / is not fully shared

    lrwxrwxrwx. 1 root root 0 Sep 14 11:39 /proc/1/ns/mnt -> mnt:[4026531840]
    lrwxrwxrwx. 1 root root 0 Sep 14 11:41 /proc/self/ns/mnt -> mnt:[4026532329]
    591 558 8:3 / / rw,relatime shared:313 master:1 - ext4 /dev/sda3 rw,secl...
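The two mountinfo lines quoted in the commit message above differ only in their optional propagation fields. The following is an added example, not part of the commit or of systemd: it parses those fields and classifies a unit's mount against the host's mount of the same path. The function names are hypothetical, and the host line is constructed on the assumption that the host root is in peer group 1.

```python
# Added example: classify mount propagation from /proc/<pid>/mountinfo lines.

# Unit-side lines as quoted in the commit message (truncation kept as-is).
OLD_UNIT = "968 967 253:0 / / rw,relatime shared:1 - ext4 /dev/mapper/alan_dell_2016..."
NEW_UNIT = "591 558 8:3 / / rw,relatime shared:313 master:1 - ext4 /dev/sda3 rw,secl..."
# Constructed host-side line; assumes the host root mount is in peer group 1.
HOST = "1 0 8:3 / / rw,relatime shared:1 - ext4 /dev/constructed rw"


def parse_propagation(line):
    """Return mount point, fs type and propagation tags of one mountinfo line."""
    fields = line.split()
    sep = fields.index("-")      # optional fields end at the lone "-"
    tags = {"shared": None, "master": None, "unbindable": False}
    for opt in fields[6:sep]:    # fields 0-5 are fixed, 6..sep-1 are optional
        key, _, value = opt.partition(":")
        if key in ("shared", "master"):
            tags[key] = int(value)
        elif key == "unbindable":
            tags["unbindable"] = True
    return {"mount_point": fields[4], "fstype": fields[sep + 1], **tags}


def classify(unit, host):
    """Relate a unit's mount to the host's mount of the same path."""
    if unit["shared"] is not None and unit["shared"] == host["shared"]:
        return "peer"     # same peer group: mount events flow both ways
    if unit["master"] is not None and unit["master"] == host["shared"]:
        return "slave"    # receives host mount events, sends none to the host
    return "private"      # no direct propagation link to this host mount


def check(unit_line, host_line=HOST):
    """Parse both lines and return the classification of the unit's mount."""
    return classify(parse_propagation(unit_line), parse_propagation(host_line))


if __name__ == "__main__":
    print("old behaviour:", check(OLD_UNIT))
    print("current behaviour:", check(NEW_UNIT))
```

A "peer" result for a sandboxed unit means mounts made inside the unit appear on the host, which is the case the old output shows.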
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r-- man/systemd.exec.xml 5
1 files changed, 1 insertions, 4 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index bc1c36fdfb..d763cb9e82 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1350,10 +1350,7 @@ RestrictNamespaces=~cgroup net</programlisting>
settings (see the discussion in <varname>PrivateMounts=</varname> above) will implicitly disable mount and
unmount propagation from the unit's processes towards the host by changing the propagation setting of all mount
points in the unit's file system namepace to <option>slave</option> first. Setting this option to
- <option>shared</option> does not reestablish propagation in that case. Conversely, if this option is set, but
- no other file system namespace setting is used, then new file system namespaces will be created for the unit's
- processes and this propagation flag will be applied right away to all mounts within it, without the
- intermediary application of <option>slave</option>.</para>
+ <option>shared</option> does not reestablish propagation in that case.</para>
<para>If not set – but file system namespaces are enabled through another file system namespace unit setting –
<option>shared</option> mount propagation is used, but — as mentioned — as <option>slave</option> is applied
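Review bot: the deletion at the end of the first paragraph also drops the statement that setting this option with no other file system namespace setting still creates a new file system namespace for the unit's processes. The test output in the commit message shows different /proc/1/ns/mnt and /proc/self/ns/mnt values under the current behaviour as well, so that part of the removed text still holds; only the "without the intermediary application of slave" clause is contradicted by the "shared:313 master:1" line. Consider keeping a shortened sentence that says a namespace is created in this case and that the root mount ends up in its own peer group while still receiving propagation from the host, instead of removing the whole passage. Separately, the unchanged context line "unit's file system namepace" has a typo (namespace) that could be fixed in the same patch.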