[systemd-devel] Notification socket and chroot vs PrivateNetwork conflict (abstract vs file-system)

Krzysztof Kotlenga k.kotlenga at sims.pl
Wed Dec 10 07:33:50 PST 2014

On Tue, 2014-12-09 at 17:28 +0100, Lennart Poettering wrote:
> On Tue, 09.12.14 16:24, Krzysztof Kotlenga (k.kotlenga at sims.pl) wrote:
>> Currently notify socket is unavailable in chrooted services (again)
>> unless you bind mount it there. Is there perhaps another, less
>> cumbersome way?
>> So far notify socket was:
>> [snip change history]
>> So... would it be acceptable to have two notify sockets, one
>> abstract and one normal, the latter only set for services with
>> PrivateNetwork or - better maybe - explicitly selectable? Any other
>> ideas?
> Hmm, but what would you do for a service that has both
> PrivateNetwork and chroot enabled?

Well, PrivateNetwork is clearly asking for trouble... A socket doesn't
really look like a right tool for the job in this case. I know Unix
signals were previously discarded in


Dunno what's left.

> Ideas?
> I figure we could open a new mount namespace and mount the file
> system socket into the chroot, but not sure I like the idea...

I don't know what else is possible, sorry. Anyone?


More information about the systemd-devel mailing list