[systemd-devel] Docker vs PrivateTmp

Vincent Batts vbatts at redhat.com
Mon Jan 19 06:48:38 PST 2015

On 19/01/15 08:39 -0500, Daniel J Walsh wrote:
>On 01/19/2015 12:27 AM, Lars Kellogg-Stedman wrote:
>> On Sun, Jan 18, 2015 at 11:38:12PM -0500, Lars Kellogg-Stedman wrote:
>>> I think we actually want MountFlags=slave, which will permit mounts
>>> from the global namespace to propagate into the service namespace
>>> without permitting propagation in the other direction.  It seems like
>>> this would the Least Surprising behavior.
>> ...which would be the default if docker.service were itself using
>> PrivateTmp=true, because from systemd.exec:
>>     Note that the file system namespace related options (PrivateTmp=,
>>     PrivateDevices=, ProtectSystem=, ProtectHome=, ReadOnlyDirectories=,
>>     InaccessibleDirectories= and ReadWriteDirectories=) require that mount
>>     and unmount propagation from the unit's file system namespace is
>>     disabled, and hence downgrade shared to slave.
>> So either explicitly setting MountFlags=slave, or setting
>> PrivateTmp=true if that doesn't cause any issues of which I am not
>> aware.
>Vincent what do you think about MountFlags=slave?

'slave' sounds like the correct subtree mount. We were targeting
'MountFlags' to make use of unsharing the mount namespace.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150119/b4639218/attachment-0001.sig>

More information about the systemd-devel mailing list