[systemd-devel] nspawn does not mount /dev/shm

[Lennart Poettering]

On Sat, 15.09.12 21:57, Pierre Schmitz (pierre at archlinux.de) wrote:

> Hi,
> 
> systemd-nspawn does not create a tmpfs mount to /dev/shm. Is this an
> oversight or intentional?

The original intention here was to mount only the stuff that is
necessary to get a system booted up safely in place. i.e. we mount /dev
because we populate it with the safe subset of device nodes. And we
mount /proc, so that we can mount /proc/sys read-only into it. But for
/dev/shm there was simply no real reason for, since the OS booted in it
could just do that safely on its own.

That said, I do actually agree it is useful to just pre-mount it these
days, too, for three reasons: a) it's kinda surprising that we mount all
the rest, just not this one, so let's just go for it; b) for people who
just spawn a shell in it rather than a full OS it makes life simpler; c)
it probably makes sense to do this to make boots without CAP_SYS_ADMIN
possible. (right now we hard add CAP_SYS_ADMIN for nspawn containers,
but we could actully make that optional, and should.)

Lennart

-- 
Lennart Poettering - Red Hat, Inc.