[systemd-devel] users and per user limits (tmpfs)

Mantas Mikulėnas grawity at gmail.com
Tue Apr 28 03:49:34 PDT 2015


On Tue, Apr 28, 2015 at 1:39 PM, Lennart Poettering <lennart at poettering.net>
wrote:

> On Tue, 28.04.15 13:17, Mantas Mikulėnas (grawity at gmail.com) wrote:
>
> > > Moreover, when this is set up
> > > the mount propagation from the user's namespace to the rest of system
> > > must be turned off for the root directory, and this will break general
> > > assumptions around mounting things through tools like "su" or "sudo"
> > > then, as those mounts will not propagate to the rest of the system
> > > either...
> >
> > Wondering how the existing pam_namespace deals with this. Maybe / could be
> > kept shared, just /tmp made private.
>
> No, the propagation rules control if submounts of a mount are
> propagated. If you intend to mount something on /tmp, then the
> propagation rules of / are the ones that matter.
>

I mean when /tmp itself is already a mountpoint, e.g. a bind mount on top
of itself (a common hack), then it has its own propagation mode, which will
be honored when mounting something at /tmp too, not just underneath.

(out) mount --bind /tmp /tmp
(out) mount --make-private /tmp
(out) unshare --mount
(in) mount -t tmpfs none /tmp
(out&in) findmnt

Really unnecessarily complex, but possible.

-- 
Mantas Mikulėnas <grawity at gmail.com>
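The (out)/(in) sequence in the post, expanded into a checked script. This is an added example, not code from the post or from systemd; it assumes util-linux mount, unshare and findmnt, and root for the live run. The helper mount_field and the PRIVATE_TMP_DEMO switch are names invented here, and the findmnt output used in the self-check is constructed.

```shell
#!/bin/sh
# Added example (not from the original thread). Reproduces the sequence
# "bind /tmp over itself, mark the bind private, unshare a mount
# namespace, mount a tmpfs on /tmp inside it", and verifies from the
# outside view that the inner tmpfs did not propagate back.
# Assumptions: util-linux mount/unshare/findmnt; root for the live run.

# mount_field TARGET  (reads findmnt output on stdin)
# Input lines are "TARGET VALUE" as printed by `findmnt -lrno TARGET,COL`.
# A bind mount of /tmp on top of itself shows up as a second /tmp line,
# and the later line is the topmost mount, so the last match wins.
# Prints "none" when TARGET is not a mountpoint at all.
mount_field() {
    awk -v t="$1" '$1 == t { v = $2 } END { print (v == "" ? "none" : v) }'
}

# Constructed findmnt snapshots (not captured from a real system) so the
# parsing can be exercised without root.
SAMPLE_BEFORE='/ shared
/proc shared'
SAMPLE_AFTER='/ shared
/tmp private
/proc shared'

# self_check: returns 0 when mount_field reads both snapshots as expected.
self_check() {
    [ "$(printf '%s\n' "$SAMPLE_BEFORE" | mount_field /tmp)" = none ] || return 1
    [ "$(printf '%s\n' "$SAMPLE_AFTER" | mount_field /tmp)" = private ] || return 1
    [ "$(printf '%s\n' "$SAMPLE_AFTER" | mount_field /)" = shared ] || return 1
    return 0
}

# private_tmp_demo: the live run. Requires root.
private_tmp_demo() {
    # (out) give /tmp its own mount entry and its own propagation mode
    mount --bind /tmp /tmp
    mount --make-private /tmp
    # Sanity check before unsharing: if the topmost /tmp is still
    # "shared", a tmpfs mounted inside the new namespace would
    # propagate back into the rest of the system.
    mode=$(findmnt -lrno TARGET,PROPAGATION | mount_field /tmp)
    [ "$mode" = private ] || { echo "refusing: /tmp propagation is $mode" >&2; return 1; }
    # (in) mount the tmpfs inside a fresh mount namespace and show that view
    unshare --mount sh -c 'mount -t tmpfs none /tmp && findmnt -lrno TARGET,FSTYPE | grep "^/tmp "'
    # (out) the topmost mount on /tmp must still be the bind, not a tmpfs
    outer=$(findmnt -lrno TARGET,FSTYPE | mount_field /tmp)
    [ "$outer" != tmpfs ] || { echo "LEAK: tmpfs on /tmp is visible outside" >&2; return 1; }
    echo "ok: outer /tmp is $outer, inner tmpfs stayed in the namespace"
}

# Only touch real mounts when explicitly asked, and only as root.
if [ "${PRIVATE_TMP_DEMO:-}" = 1 ]; then
    [ "$(id -u)" -eq 0 ] || { echo "PRIVATE_TMP_DEMO needs root" >&2; exit 1; }
    private_tmp_demo
fi
```

Run it as `PRIVATE_TMP_DEMO=1 sh private-tmp.sh` on a throwaway machine; without the variable it only defines the functions. The same property that keeps the tmpfs from leaking out is the one the thread warns about: anything mounted on /tmp from inside that namespace, including via su or sudo, stays invisible to the rest of the system.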