diff options
author | Alan Jenkins <alan.christopher.jenkins@gmail.com> | 2018-09-14 12:57:57 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2018-10-05 17:38:38 +0200 |
commit | 923f9101157f63c99c08585f690c86a02aa4d626 (patch) | |
tree | b9452812ec76b452fcaccf53341d11022c563cdf /man/systemd.exec.xml | |
parent | Merge pull request #10094 from keszybz/wants-loading (diff) | |
download | systemd-923f9101157f63c99c08585f690c86a02aa4d626.tar.xz systemd-923f9101157f63c99c08585f690c86a02aa4d626.zip |
man/systemd.exec: MountFlags=shared behaviour was changed (fixed?)
The behaviour described *was* observed on Fedora 28
(systemd-238-9.git0e0aa59), with and without SELinux. I don't actually
know why though! It contradicts my understanding of the code, including an
explicit comment in the code.
Testing in a VM upgraded to v239-792-g1327f272d, this behaviour goes away.
Test case:
# /etc/systemd/system/mount-test.service
[Service]
MountFlags=shared
Type=oneshot
ExecStart=/usr/bin/ls -l /proc/1/ns/mnt /proc/self/ns/mnt
ExecStart=/usr/bin/grep ext4 /proc/self/mountinfo
Weird old behaviour: new mount namespace but / is fully shared.
lrwxrwxrwx. 1 root root 0 Sep 14 11:18 /proc/1/ns/mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 root root 0 Sep 14 11:48 /proc/self/ns/mnt ->
mnt:[4026532851]
968 967 253:0 / / rw,relatime shared:1 - ext4 /dev/mapper/alan_dell_2016...
Current behaviour: / is not fully shared
lrwxrwxrwx. 1 root root 0 Sep 14 11:39 /proc/1/ns/mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 root root 0 Sep 14 11:41 /proc/self/ns/mnt ->
mnt:[4026532329]
591 558 8:3 / / rw,relatime shared:313 master:1 - ext4 /dev/sda3 rw,secl...
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r-- | man/systemd.exec.xml | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index bc1c36fdfb..d763cb9e82 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1350,10 +1350,7 @@ RestrictNamespaces=~cgroup net</programlisting> settings (see the discussion in <varname>PrivateMounts=</varname> above) will implicitly disable mount and unmount propagation from the unit's processes towards the host by changing the propagation setting of all mount points in the unit's file system namepace to <option>slave</option> first. Setting this option to - <option>shared</option> does not reestablish propagation in that case. Conversely, if this option is set, but - no other file system namespace setting is used, then new file system namespaces will be created for the unit's - processes and this propagation flag will be applied right away to all mounts within it, without the - intermediary application of <option>slave</option>.</para> + <option>shared</option> does not reestablish propagation in that case.</para> <para>If not set – but file system namespaces are enabled through another file system namespace unit setting – <option>shared</option> mount propagation is used, but — as mentioned — as <option>slave</option> is applied |