On 05.08.2014 00:10, Ram Pai wrote:
> On Mon, Aug 04, 2014 at 11:19:35PM +0200, Richard Weinberger wrote:
>> On 04.08.2014 18:46, Eric W. Biederman wrote:
>>> Richard Weinberger <richard.weinberger@xxxxxxxxx> writes:
>>
>> /proc is propagating into other mount namespaces that do not care.
>> This happens because systemd creates for several services a mount namespace and sets
>> the root tree to MS_SHARED.
>
> if propagations are not needed, then set the root of the new mount
> namespace to MS_PRIVATE first and then set it to MS_SHARED.
>
> MS_PRIVATE will delink the propagations, and MS_SHARED later will enable
> the new mounts to propagate to whoever wants them.

AFAICT this would break systemd's PrivateTmp feature. :(
They want propagation, such that a systemd service has a private /tmp but sees
freshly mounted filesystems after setting up the namespace.

Thanks,
//richard
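Added example in C, not part of the thread: `propagation_type()` classifies a /proc/self/mountinfo entry as shared, slave or private from its optional fields, which is how to check what a mount namespace's propagation setup actually produced, and `delink_then_share()` performs the MS_PRIVATE-then-MS_SHARED sequence Ram describes (needs CAP_SYS_ADMIN). Function names and the mountinfo lines in the test are my own constructions.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <string.h>
#include <sys/mount.h>

/* Classify one /proc/self/mountinfo line by its optional fields (field 7):
 * "shared:N" = propagates to peer group N, "master:N" = only receives from
 * group N (slave), neither = private (or unbindable). */
const char *propagation_type(const char *line)
{
    const char *p = line;
    char opts[256];
    size_t len = 0;
    /* Skip the six mandatory fields: id, parent, dev, root, mountpoint, opts. */
    for (int i = 0; i < 6; i++) {
        if (!(p = strchr(p, ' '))) return "invalid";
        p++;
    }
    if (strncmp(p, "- ", 2) != 0) {         /* optional fields present */
        const char *sep = strstr(p, " - "); /* a lone "-" ends them */
        if (!sep) return "invalid";
        len = (size_t)(sep - p);
        if (len >= sizeof opts) len = sizeof opts - 1;
    }
    memcpy(opts, p, len);
    opts[len] = '\0';
    int shared = strstr(opts, "shared:") != NULL;
    int slave = strstr(opts, "master:") != NULL;
    if (shared && slave) return "shared+slave";
    if (shared) return "shared";
    if (slave) return "slave";
    return strstr(opts, "unbindable") ? "unbindable" : "private";
}

/* The sequence Ram suggests: in a fresh mount namespace make the whole tree
 * private (leaves the parent's peer groups), then shared again so later mounts
 * propagate only among this namespace's own peers. Needs CAP_SYS_ADMIN. The
 * trade-off Richard raises: new mounts in the original namespace no longer
 * show up here. Returns 0 on success, -1 on error. */
int delink_then_share(void)
{
    if (unshare(CLONE_NEWNS) < 0) return -1;
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) return -1;
    return mount(NULL, "/", NULL, MS_REC | MS_SHARED, NULL);
}
```

Feeding each line of /proc/self/mountinfo to `propagation_type()` before and after `delink_then_share()` shows the root tree going from `shared` (a peer of the parent namespace) to `shared` in a new, disconnected peer group.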