path: root/man/systemd.exec.xml
author: Lennart Poettering <lennart@poettering.net> 2014-03-20 04:16:39 +0100
committer: Lennart Poettering <lennart@poettering.net> 2014-03-20 04:16:39 +0100
commit: c2c13f2df42e0691aecabe3979ea81cd7faa35c7 (patch)
tree: 8a0930ab83eac1e5c10ccb0c8d41d615e21a4c51 /man/systemd.exec.xml
parent: update TODO (diff)
unit: turn off mount propagation for udevd
Keep mounts done by udev rules private to udevd. Also, document how MountFlags= may be used for this.
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r--  man/systemd.exec.xml  42
1 files changed, 36 insertions, 6 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 784b48fff4..f47826ce4a 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -962,13 +962,43 @@
<option>shared</option>,
<option>slave</option> or
<option>private</option>, which
- control whether the file system
- namespace set up for this unit's
- processes will receive or propagate
- new mounts. See
+ control whether mounts in the file
+ system namespace set up for this
+ unit's processes will receive or
+ propagate mounts or unmounts. See
<citerefentry><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- for details. Default to
- <option>shared</option>.</para></listitem>
+ for details. Defaults to
+ <option>shared</option>. Use
+ <option>shared</option> to ensure that
+ mounts and unmounts are propagated
+ from the host to the container and
+ vice versa. Use <option>slave</option>
+ to run processes so that none of their
+ mounts and unmounts will propagate to
+ the host. Use <option>private</option>
+ to also ensure that no mounts and
+ unmounts from the host will propagate
+ into the unit processes'
+ namespace. Note that
+ <option>slave</option> means that file
+ systems mounted on the host might stay
+ mounted continously in the unit's
+ namespace, and thus keep the device
+ busy. Note that the file system
+ namespace related options
+ (<varname>PrivateTmp=</varname>,
+ <varname>PrivateDevices=</varname>,
+ <varname>ReadOnlyDirectories=</varname>,
+ <varname>InaccessibleDirectories=</varname>
+ and
+ <varname>ReadWriteDirectories=</varname>)
+ require that mount and unmount
+ propagation from the unit's file
+ system namespace is disabled, and
+ hence downgrade
+ <option>shared</option> to
+ <option>slave</option>.
+ </para></listitem>
</varlistentry>
<varlistentry>
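Review bot: typo in the added text on the line `mounted continously in the unit's`: "continously" should read "continuously". The new wording also switches terminology mid-paragraph: the `shared` sentence says "propagated from the host to the container and vice versa", while every other sentence in the hunk speaks of "the unit's processes" or "the unit's namespace"; since MountFlags= applies to any unit, not only containers, suggest "from the host into the unit's namespace and vice versa" so a reader is not left thinking the propagation guarantees only apply to container units.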