On Sat, 02.03.13 15:00, Michal Sekletar (sekleta...@gmail.com) wrote:

> On Mar 1, 2013, at 3:16 PM, Lennart Poettering <lenn...@poettering.net> wrote:
>
> > On Wed, 20.02.13 14:50, Michal Sekletar (msekl...@redhat.com) wrote:
> >
> >> All Execs within the service will get the same /tmp and /var/tmp
> >> directories mounted if the service is configured with PrivateTmp=yes.
> >> Temporary directories are cleaned up by the service itself, rather than
> >> relying on systemd-tmpfiles. The same logic also applies to inaccessible
> >> directories.
> >
> > Hmm, looks good in principle, but I don't grok why we need
> > ExecContext.bind_mounts? Can you elaborate?
>
> Hi Lennart,
>
> Originally we determined what bind mounts should be done in a child
> process each time we forked off a new process, and it was done after
> fork() in the child before executing the target binary.
>
> Now I've moved this computation to systemd itself and the results are
> stored in the ExecContext.bind_mounts set. Another reason was that, using
> the former approach, it was impossible to determine in pid 1 whether we
> need to create a tmpdir to be mounted as inaccessible for a child.
Not following really? Which bind mounts are these? For the inaccessible
dir stuff? But those are only visible in the per-service namespace, and
go away automatically if the service dies (because if all processes of a
service die, the namespace dies too). So I don't really understand why we
would have to keep track of this?

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
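For readers who want to see the mechanism the thread is arguing about, here is an added example (my own code, not the patch under review and not anything from the systemd tree). It reproduces the PrivateTmp= idea on a small scale and the point Lennart makes about lifetime: a child enters its own mount namespace, mounts a private tmpfs over a directory, and writes a file there; the parent in the original namespace never sees that file, and once the last process in the namespace exits the mount is gone with it, leaving the plain empty directory behind. The path under /tmp, the pipe handshake, the result codes and the use of CLONE_NEWUSER (so the demo can run unprivileged where the kernel permits unprivileged user namespaces) are all choices of this example, not of systemd.

```c
/* Added example, not code from systemd or from this thread. It demonstrates
 * the mechanism behind PrivateTmp=: a child enters its own mount namespace
 * and mounts a private tmpfs over a directory, the parent never sees the
 * child's files, and the mount disappears together with the namespace once
 * the last process in it has exited. The directory name, the pipe handshake
 * and the result codes are this example's own. CLONE_NEWUSER lets it run
 * unprivileged on kernels that allow unprivileged user namespaces; where
 * that is not possible it reports NS_UNAVAILABLE rather than failing. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Flag values from <linux/sched.h>, defined here so the example does not
 * depend on which feature-test macros the system <sched.h> happens to see. */
#ifndef CLONE_NEWNS
#define CLONE_NEWNS   0x00020000
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif

enum { ISOLATION_OK = 0, ISOLATION_BROKEN = 1, NS_UNAVAILABLE = -1 };

static int write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Map the caller's uid/gid to root inside the new user namespace; only then
 * does the process hold CAP_SYS_ADMIN there, which mount(2) requires. */
static int map_ids(uid_t uid, gid_t gid) {
    char buf[64];
    (void)write_file("/proc/self/setgroups", "deny"); /* must precede gid_map */
    snprintf(buf, sizeof buf, "0 %u 1\n", (unsigned)uid);
    if (write_file("/proc/self/uid_map", buf) < 0)
        return -1;
    snprintf(buf, sizeof buf, "0 %u 1\n", (unsigned)gid);
    return write_file("/proc/self/gid_map", buf);
}

/* Child: new user+mount namespace, private tmpfs on `dir`, create a file,
 * signal the parent, then block until the parent has finished its check. */
static int child_body(const char *dir, const char *file, int ready_w, int go_r) {
    uid_t uid = getuid();
    gid_t gid = getgid();
    char c;

    /* syscall() instead of unshare() so the build does not hinge on _GNU_SOURCE */
    if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNS) < 0 || map_ids(uid, gid) < 0)
        return NS_UNAVAILABLE;
    /* Switch off propagation so our mounts stay inside this namespace. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0)
        return NS_UNAVAILABLE;
    if (mount("tmpfs", dir, "tmpfs", MS_NOSUID | MS_NODEV, "mode=1777") < 0)
        return NS_UNAVAILABLE;
    if (write_file(file, "private to this namespace\n") < 0)
        return NS_UNAVAILABLE;

    (void)write(ready_w, "r", 1);
    (void)read(go_r, &c, 1);
    return ISOLATION_OK;
}

/* Returns ISOLATION_OK when the child's file is invisible from the parent's
 * namespace both while the child runs and after it exits, ISOLATION_BROKEN
 * if it ever shows up, NS_UNAVAILABLE if namespaces could not be set up. */
int demo_private_tmp(void) {
    char dir[] = "/tmp/privtmp-demo-XXXXXX";   /* constructed throwaway path */
    char file[128];
    int ready[2], go[2], status, result;
    char c;

    if (!mkdtemp(dir) || pipe(ready) < 0 || pipe(go) < 0)
        return NS_UNAVAILABLE;
    snprintf(file, sizeof file, "%s/secret", dir);

    pid_t pid = fork();
    if (pid < 0)
        return NS_UNAVAILABLE;
    if (pid == 0) {
        close(ready[0]);
        close(go[1]);
        _exit(child_body(dir, file, ready[1], go[0]) == ISOLATION_OK ? 0 : 2);
    }
    close(ready[1]);
    close(go[0]);

    /* EOF here means the child gave up before mounting anything. */
    if (read(ready[0], &c, 1) != 1) {
        result = NS_UNAVAILABLE;
    } else {
        /* Child is alive with its tmpfs mounted; we must not see its file. */
        result = access(file, F_OK) == 0 ? ISOLATION_BROKEN : ISOLATION_OK;
        (void)write(go[1], "g", 1);
    }
    waitpid(pid, &status, 0);

    /* The namespace died with its last process, so what we see is the plain
     * empty directory we created; a leftover file or a failing rmdir would
     * mean the child's mount leaked into our namespace. */
    if (result == ISOLATION_OK && access(file, F_OK) == 0)
        result = ISOLATION_BROKEN;
    if (rmdir(dir) < 0 && result == ISOLATION_OK)
        result = ISOLATION_BROKEN;
    close(ready[0]);
    close(go[1]);
    return result;
}

int main(void) {
    int r = demo_private_tmp();
    printf("%s\n", r == ISOLATION_OK ? "private tmp isolated and cleaned up"
                 : r == ISOLATION_BROKEN ? "ISOLATION BROKEN"
                 : "namespaces unavailable (needs unprivileged user namespaces)");
    return r == ISOLATION_BROKEN;
}
```

Build with `gcc -Wall -o privtmp privtmp.c` and run it as an ordinary user. On a kernel that allows unprivileged user namespaces it prints that the private tmp was isolated and cleaned up; in a container or on a distribution that disables them it reports the namespace as unavailable, which is an environment limit rather than a leak. The example does not reproduce the part the patch adds on top of this, namely several ExecStart= children forked from pid 1 sharing one such namespace, nor the inaccessible-directory mounts; those are what the ExecContext.bind_mounts discussion above is about.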