[systemd-devel] detaching existing extensions with new systemd extension attach

Lennart Poettering lennart at poettering.net
Mon Dec 9 08:45:20 UTC 2024


On So, 08.12.24 07:59, Umut Tezduyar Lindskog (Umut.Tezduyar at axis.com) wrote:

> Thanks for this.

> We tested the move_mount syscall with the MOVE_MOUNT_BENEATH flag
> and found that it only works if the parent mount is set to private,

Did you see the comments in mount_exchange_graceful()?

> which is related to how mount propagation works. This means it would
> only be usable on systems where the root filesystem is set to
> --make-private, or if we temporarily switch to a private state,
> perform the system-sysext operations, and then switch back to
> shared.

It's more complicated than that. Propagation actually *is* allowed,
but within some limitations.

> We are not experts on the details of the VFS, but would this
> temporary switch to private affect mount spaces and make the updated
> system extensions invisible? Also, how would this approach impact
> portable services in systemd? Could it cause any issues with how
> portable service images are accessed or made visible, especially if
> they depend on shared mount propagation?

Lennart

--
Lennart Poettering, Berlin

