[systemd-devel] Shared root fs by default
Lennart Poettering
lennart at poettering.net
Mon Apr 8 06:57:10 PDT 2013
On Mon, 08.04.13 14:08, Tvrtko Ursulin (tvrtko.ursulin at onelan.co.uk) wrote:
> > > > Well, but in your example you unmounted a bind mount with a child, and
> > > > that resulted in the unmounting of the child in the source mount, too --
> > > > even though you never asked for that child mount to be unmounted. That's
> > > > what your example showed, right?
> > >
> > > Yes, but as I said, after a quick glance at kernel docs I got the
> > > impression that is what should happen. I could be wrong though. Perhaps
> > > we should try and drag into discussion someone who designed this.
> >
> > I would have assumed that it would at least fail with EBUSY as long as
> > that submount is still there...
> >
> > Which wouldn't solve the issue at hand, but at least make it more
> > obvious, since you then have to manually unmount the submounts, and then
> > would have to think about what you are doing there...
>
> It does fail with -EBUSY with a normal (no detach) umount. So I think it boils
> down to whether detach unmount should propagate back and forth equivalently as
> other (un)mount events. The cleanest concept is that it does, hence it
> reinforced my impression that the kernel operates as designed.
Ah, ok, so if it does fail with a normal umount then this all makes
sense indeed.
> > Maybe the lesson to learn here is that MS_REC is more powerful than
> > people would expect, right? Because it duplicates mount points you don't
> > have to explicitly know about...
>
> I am not sure, depends if you think the behaviour is correct or not. Either
> way, I would say that the systemd change to make root "rshared" by default was
> a dangerous one (which was proven empirically) the risk of which outweighs
> eventual benefits. I gather you disagree and plan to leave it as it is?
Well, there are different requests from different people I guess. The
container folks have been asking us to make this change for a long time,
so we did this. I can see this also has negative implications (it also
semi-broke util-linux' unshare...), but then again it generally made
something work that didn't work at all...
I am tempted to leave it as it is now. But I am open to revisit this
later...
I wished /bin/mount would make it easier to create bind mounts and make
them private in one step, so that this pitfall might be easier to
work-around...
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the systemd-devel
mailing list