On Sun, 08.12.24 07:59, Umut Tezduyar Lindskog (Umut.Tezduyar@xxxxxxxx) wrote:

> Thanks for this.
> We tested the move_mount syscall with the MOVE_MOUNT_BENEATH flag
> and found that it only works if the parent mount is set to private,

Did you see the comments in mount_exchange_graceful()?

> which is related to how mount propagation works. This means it would
> only be usable on systems where the root filesystem is set to
> --make-private, or if we temporarily switch to a private state,
> perform the system-sysext operations, and then switch back to
> shared.

It's more complicated than that. Propagation actually *is* allowed,
but within some limitations.

> We are not experts on the details of the VFS, but would this
> temporary switch to private affect mount spaces and make the updated
> system extensions invisible? Also, how would this approach impact
> portable services in systemd? Could it cause any issues with how
> portable service images are accessed or made visible, especially if
> they depend on shared mount propagation?

Lennart

--
Lennart Poettering, Berlin