[systemd-devel] [PATCH] core: reuse the same /tmp, /var/tmp and inaccessible dir
lennart at poettering.net
Mon Mar 4 06:21:43 PST 2013
On Sat, 02.03.13 15:00, Michal Sekletar (sekletar.m at gmail.com) wrote:
> On Mar 1, 2013, at 3:16 PM, Lennart Poettering <lennart at poettering.net> wrote:
> > On Wed, 20.02.13 14:50, Michal Sekletar (msekleta at redhat.com) wrote:
> >> All Execs within the service will get mounted the same /tmp and /var/tmp
> >> directories, if service is configured with PrivateTmp=yes. Temporary
> >> directories are cleaned up by service itself, rather than relying on
> >> systemd-tmpfiles. Same logic applies also to inaccessible directories.
> > Hmm, looks good in principle, but I don't grok why we need
> > ExecContext.bind_mounts? Can you elaborate?
> Hi Lennart,
> Originally we determined what bind mounts should be done in a child
> process each time we forked off a new process, and it was done after
> fork() in the child before executing the target binary.
> Now, I've moved this computation to systemd itself and results are
> stored in ExecContext.bind_mounts set. Another reason was that, using
> the former approach, it was impossible to determine in pid 1 if we need to
> create tmpdir to be mounted as inaccessible for a child.
Not following really? Which bind mounts are these? For the inaccessible
dir stuff? But those are only visible in the per-service namespace, and
go away automatically if the service dies (because if all processes of a
service die the namespace dies too). So I don't really understand why
we would have to keep track of this?
Lennart Poettering - Red Hat, Inc.