On 05/26/2011 11:43 AM, Michael Hennebry wrote:
> On Wed, 25 May 2011, Michael Cronenworth wrote:
>
>> Harald Hoyer wrote:
>>> Most of them are from the sandbox init script .... NOT from systemd!!
>>
>> Yes, this was not documented in the release notes. It is part of
>> SELinux/pam_namespace usage.
>
> I've been looking, but I haven't found it.
> If I do find it, will it answer the question?
>
> On Wed, 25 May 2011, Tom Horsley wrote:
>
>> I was checking to see if I had everything mounted that I wanted
>> in a newly genned f15 system, and I see this insanity in
>> the output from running "mount":
>>
>> /dev/sda2 on / type ext3
>> (rw,relatime,errors=continue,user_xattr,acl,barrier=$
>> /dev/sda2 on /tmp type ext3
>> (rw,relatime,errors=continue,user_xattr,acl,barri$
>> /dev/sda2 on /var/tmp type ext3
>> (rw,relatime,errors=continue,user_xattr,acl,b$
>> /dev/sda2 on /home type ext3
>> (rw,relatime,errors=continue,user_xattr,acl,barr$
>>
>> Where on earth do those /tmp /var/tmp and /home entries come from?
>> They certainly aren't all mounted on top of the same filesystem root.
>> There are no entries for them in /etc/fstab. What is going on?
>
> Whatever is doing it, what is being done?
> Is the same partition really on four different mount points?
> To me, the above looks rather scary,
> rather like my first encounter with LVM.
> It was in the middle of an install.
>
> To me, the most important thing that should be in release
> notes is what will break from an extant release.
> The next is what will look different enough to be scary.
> I'm not sure which this falls under.

This has been like this for many releases. Everything all the way back to RHEL5 has this. There is an open bug on pam_namespace that will hopefully eliminate the need for this.
When you use namespaces on mount tables you need to separate out file systems, so you can say something like "I want these file systems shared with the entire system, while these other file systems are private to each namespace." pam_namespace sets up a private namespace on $HOME and /tmp. In order to do this it needs /tmp and $HOME to be on their own file system. Therefore the init script bind mounts /tmp on /tmp and /home on /home, causing the problem you are seeing. It also executes the appropriate commands to make "/" shared and /tmp and /home private.

If you do not use pam_namespace or sandbox you can disable the init script, and on the next boot the problem will go away.

The sandbox tool is now smart about setting up these private/bind mounts when you run the sandbox, rather than making them the system defaults. I wrote a patch for this for pam_namespace; when the patch is applied to pam_namespace, I will ask systemd to set up "/" as shared and remove the init script altogether.

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
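The mount layout the reply describes (root shared, /tmp and /home bind-mounted onto themselves and made private so pam_namespace can give each session its own copy) can be verified without reading the `mount` output by hand. The script below is an added example, not the sandbox init script or any code from the mail: the `setup_pam_namespace_mounts` function is an illustrative reconstruction of the mount commands the reply attributes to the init script (it needs root on Linux and is not executed here), and the two check functions parse `/proc/self/mountinfo`-style lines, where the optional `shared:N` / `master:N` fields carry the propagation type and a root field other than `/` marks a bind mount. The `SAMPLE_MOUNTINFO` and `SAMPLE_PLAIN` inputs are constructed to mirror the `/dev/sda2` layout in the quoted `mount` output, not captured from a real system.

```shell
#!/bin/sh
# Added example: reconstructed init-script mount sequence plus a check over
# /proc/self/mountinfo. Not code from the original mail or from the init script.

# Illustrative reconstruction of what the reply says the sandbox init script
# does: make "/" shared, then bind /tmp and /home onto themselves and make
# those mounts private. Requires root on Linux; shown for reference, not run.
setup_pam_namespace_mounts() {
    mount --make-shared /
    mount --bind /tmp /tmp   && mount --make-private /tmp
    mount --bind /home /home && mount --make-private /home
}

# Reads mountinfo lines on stdin and prints one line per mount:
#   <mountpoint> <propagation> <bind|full>
# mountinfo fields: id parent maj:min root mountpoint opts [optional...] - fstype source superopts
# Propagation is inferred from the optional fields; no optional field means private.
# A root field other than "/" means the mount exposes a subtree, i.e. a bind mount.
mount_propagation_report() {
    awk '{
        prop = "private"
        for (i = 7; i <= NF && $i != "-"; i++) {
            if ($i ~ /^shared:/)       prop = "shared"
            else if ($i ~ /^master:/)  prop = "slave"
            else if ($i == "unbindable") prop = "unbindable"
        }
        kind = ($4 == "/") ? "full" : "bind"
        print $5, prop, kind
    }'
}

# Succeeds (exit 0) only when the layout pam_namespace expects is present:
# "/" shared, and both /tmp and /home private bind mounts.
pam_namespace_ready() {
    mount_propagation_report | awk '
        $1 == "/"     && $2 == "shared"                  { root_ok = 1 }
        $1 == "/tmp"  && $2 == "private" && $3 == "bind" { tmp_ok  = 1 }
        $1 == "/home" && $2 == "private" && $3 == "bind" { home_ok = 1 }
        END { if (root_ok && tmp_ok && home_ok) exit 0; exit 1 }'
}

# Constructed sample: the layout after the init script has run (assumed
# mount IDs and device numbers; mirrors the /dev/sda2 entries in the mail).
SAMPLE_MOUNTINFO='22 1 8:2 / / rw,relatime shared:1 - ext3 /dev/sda2 rw,errors=continue,user_xattr,acl
36 22 8:2 /tmp /tmp rw,relatime - ext3 /dev/sda2 rw,errors=continue,user_xattr,acl
37 22 8:2 /var/tmp /var/tmp rw,relatime - ext3 /dev/sda2 rw,errors=continue,user_xattr,acl
38 22 8:2 /home /home rw,relatime - ext3 /dev/sda2 rw,errors=continue,user_xattr,acl'

# Constructed sample: the same disk with the init script disabled, so "/" is
# private and there are no self bind mounts.
SAMPLE_PLAIN='22 1 8:2 / / rw,relatime - ext3 /dev/sda2 rw,errors=continue,user_xattr,acl'

printf '%s\n' "$SAMPLE_MOUNTINFO" | mount_propagation_report
if printf '%s\n' "$SAMPLE_MOUNTINFO" | pam_namespace_ready; then
    echo "sample layout: ready for pam_namespace"
else
    echo "sample layout: NOT ready for pam_namespace"
fi
```

On a live system, feed the real table with `mount_propagation_report < /proc/self/mountinfo`; on current util-linux, `findmnt -o TARGET,PROPAGATION` shows the same propagation column directly. Note that the self bind mounts only make /tmp and /home separate mount points; it is the `private` propagation on them, together with `shared` on "/", that lets a per-session namespace replace them without the change leaking back to the rest of the system.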