[systemd-devel] Shared root fs by default

Tvrtko Ursulin tvrtko.ursulin at onelan.co.uk
Mon Apr 8 07:29:32 PDT 2013


On Monday 08 April 2013 15:57:10 Lennart Poettering wrote:
> On Mon, 08.04.13 14:08, Tvrtko Ursulin (tvrtko.ursulin at onelan.co.uk) wrote:
> > I am not sure, depends if you think the behaviour is correct or not.
> > Either way, I would say that the systemd change to make root "rshared"
> > by default was a dangerous one (which was proven empirically) the risk
> > of which outweighs eventual benefits. I gather you disagree and plan to
> > leave it as it is?
> Well, there are different requests from different people I guess. The
> container folks have been asking us to make this change for a long time,
> so we did this. I can see this also has negative implications (it also
> semi-broke util-linux' unshare...), but then again it generally made
> something work that didn't work at all...
> 
> I am tempted to leave it as it is now. But I am open to revisit this
> later...
> 
> I wished /bin/mount would make it easier to create bind mounts and make
> them private in one step, so that this pitfall might be easier to
> work-around...

That is beside the point since how do you propose people will learn about this 
new feature?

Remember, this is not a change which only breaks existing tools, this is a 
change which breaks your _system_ when you use your _existing_ scripts.

We learnt about it the hard way and changed our scripts to "detach" our chroots.
But the experience was not user friendly. Will it happen to more people in the 
future? Should it? Because it is "hard" to do "mount --rshared /" for people 
who want to use one particular use case and happen to know about all this?

Regards,

Tvrtko
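
The pitfall discussed in this thread, as an added example that is not part of the original message: with / shared, a bind mount made for a chroot joins the host's peer group, so mount and umount events propagate both ways. The script lists mounts at or below a chroot directory that still carry a `shared:N` tag in `/proc/self/mountinfo`; the function names, the `/srv/chroot` path and the sample data are constructed for illustration, and `make_private_under` assumes mount points without whitespace.

```shell
#!/bin/sh
# Added example: find chroot mounts whose mount/umount events still propagate.

# Constructed sample in /proc/self/mountinfo format (not from a real host).
sample_mountinfo() {
    cat <<'EOF'
20 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
21 20 0:4 / /proc rw,nosuid shared:5 - proc proc rw
40 20 0:4 / /srv/chroot/proc rw,nosuid shared:5 - proc proc rw
41 20 0:5 / /srv/chroot/dev rw,nosuid shared:2 - devtmpfs devtmpfs rw
42 20 8:1 /home /srv/chroot/home rw,relatime - ext4 /dev/sda1 rw
43 20 8:1 /data /srv/chroot2/data rw,relatime shared:1 - ext4 /dev/sda1 rw
44 20 0:30 / /srv/chroot/tmp rw master:7 - tmpfs tmpfs rw
EOF
}

# shared_mounts_under DIR [MOUNTINFO]
# Prints "mountpoint<TAB>shared:N" for every mount at or below DIR that is
# in a shared peer group. MOUNTINFO defaults to the live table; "-" is stdin.
shared_mounts_under() {
    dir=${1%/}                      # "/" becomes "", which matches every path
    info=${2:-/proc/self/mountinfo}
    awk -v dir="$dir" '
    {
        mp = $5                     # field 5 is the mount point
        if (mp != dir && index(mp, dir "/") != 1) next
        # Optional fields run from field 7 up to the lone "-" separator.
        for (i = 7; i <= NF && $i != "-"; i++)
            if ($i ~ /^shared:[0-9]+$/) { print mp "\t" $i; break }
    }' "$info"
}

# Detach every shared mount below DIR from its peer group (needs root).
# Defined for use on a real system; not invoked by this script.
make_private_under() {
    shared_mounts_under "$1" | cut -f1 | while IFS= read -r mp; do
        mount --make-private "$mp"
    done
}

# Demo on the constructed sample: reports /srv/chroot/proc and /srv/chroot/dev.
sample_mountinfo | shared_mounts_under /srv/chroot -
```

The private bind mount (`/srv/chroot/home`) and the slave mount (`/srv/chroot/tmp`) are not reported, and `/srv/chroot2` is not mistaken for a path under `/srv/chroot`.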


