[systemd-devel] disabling shared mount propagation
Thomas Bächler
thomas at archlinux.org
Wed Apr 24 01:21:52 PDT 2013
Am 23.04.2013 21:51, schrieb Albert Strasheim:
> is causing some headaches with some services of ours that use unshare
> to get a new mount namespace and make some private mounts which we
> don't want propagated.
Proper solution: Directly after the unshare, run either
mount("none", "/", "none", MS_REC | MS_SLAVE, NULL)
(mount --make-rslave /)
or
mount("none", "/", "none", MS_REC | MS_PRIVATE, NULL)
(mount --make-rprivate /)
in the context of your service. In most cases, leaving the "global"
mount namespace as shared and setting your service's namespace to slave
gives the most desirable behaviour.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20130424/7598ca85/attachment.pgp>
More information about the systemd-devel
mailing list