[systemd-devel] nspawn does not mount /dev/shm
lennart at poettering.net
Mon Sep 17 02:35:48 PDT 2012
On Sat, 15.09.12 21:57, Pierre Schmitz (pierre at archlinux.de) wrote:
> systemd-nspawn does not create a tmpfs mount to /dev/shm. Is this an
> oversight or intentional?
The original intention here was to mount only the stuff that is
necessary to get a system booted up safely in place. i.e. we mount /dev
because we populate it with the safe subset of device nodes. And we
mount /proc, so that we can mount /proc/sys read-only into it. But for
/dev/shm there was simply no real reason for, since the OS booted in it
could just do that safely on its own.
That said, I do actually agree it is useful to just pre-mount it these
days, too, for three reasons: a) it's kinda surprising that we mount all
the rest, just not this one, so let's just go for it; b) for people who
just spawn a shell in it rather than a full OS it makes life simpler; c)
it probably makes sense to do this to make boots without CAP_SYS_ADMIN
possible. (right now we hard add CAP_SYS_ADMIN for nspawn containers,
but we could actully make that optional, and should.)
Lennart Poettering - Red Hat, Inc.
More information about the systemd-devel