[systemd-devel] users and per user limits (tmpfs)
Lennart Poettering
lennart at poettering.net
Tue Apr 28 03:39:35 PDT 2015
On Tue, 28.04.15 13:17, Mantas Mikulėnas (grawity at gmail.com) wrote:
> > Moreover, when this is set up
> > the mount propagation from the user's namespace to the rest of system
> > must be turned off for the root directory, and this will break general
> > assumptions around mounting things through tools like "su" or "sudo"
> > then, as those mounts will not propagate to the rest of the system
> > either...
>
> Wondering how the existing pam_namespace deals with this. Maybe / could be
> kept shared, just /tmp made private.
No, the propagation rules control if submounts of a mount are
propagated. If you intend to mount something on /tmp, then the
propagation rules of / are the ones that matter.
Also, if you disconnected propagation between two mount namespaces you
cannot reestablish it anymore.
Lennart
--
Lennart Poettering, Red Hat
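
An added example, not part of the original message: a small parser for `/proc/self/mountinfo` text that finds which existing mount would be the parent of a new mount at a given path and reports that parent's propagation state. The sample mountinfo lines are constructed, and the function names are hypothetical; it assumes `/tmp` is a plain directory on the root filesystem, as in the case discussed above.

```python
import posixpath

# Constructed /proc/self/mountinfo sample (not from a real host): / is shared,
# /home is private, and /tmp is a plain directory on the root filesystem.
SAMPLE_MOUNTINFO = """\
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
23 22 0:21 / /proc rw,nosuid shared:2 - proc proc rw
24 22 0:22 / /run rw,nosuid shared:3 - tmpfs tmpfs rw,mode=755
25 22 8:3 / /home rw,relatime - ext4 /dev/sda3 rw
"""

def parse_mountinfo(text):
    """Return (mount_point, optional_fields) per line of mountinfo text."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields (shared:N, master:N, ...) sit between field 6 and " - ".
        fields = line.partition(" - ")[0].split()
        mounts.append((fields[4], fields[6:]))
    return mounts

def propagation(tags):
    """Map mountinfo optional fields to a propagation state."""
    shared = any(t.startswith("shared:") for t in tags)
    slave = any(t.startswith("master:") for t in tags)
    if shared and slave:
        return "shared,slave"
    if shared:
        return "shared"
    if slave:
        return "slave"
    return "unbindable" if "unbindable" in tags else "private"

def governing_mount(text, target):
    """Find the mount containing `target`; its state decides propagation."""
    target = posixpath.normpath(target)
    best = None
    for index, (mount_point, tags) in enumerate(parse_mountinfo(text)):
        prefix = mount_point.rstrip("/") + "/"
        if target == mount_point or target.startswith(prefix):
            # Longest mount point wins; on a tie the later entry (assumed overmount) wins.
            key = (len(mount_point), index)
            if best is None or key > best[0]:
                best = (key, mount_point, propagation(tags))
    return None if best is None else best[1:]

if __name__ == "__main__":
    for path in ("/tmp", "/home/alice/tmp", "/run/user/1000"):
        print(path, "->", governing_mount(SAMPLE_MOUNTINFO, path))
```

On a live system the same function can be fed the contents of `/proc/self/mountinfo` instead of the constructed sample.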