On Tue, 28.04.15 13:17, Mantas Mikulėnas (graw...@gmail.com) wrote:

> > Moreover, when this is set up
> > the mount propagation from the user's namespace to the rest of system
> > must be turned off for the root directory, and this will break general
> > assumptions around mounting things through tools like "su" or "sudo"
> > then, as those mounts will not propagate to the rest of the system
> > either...
>
> Wondering how the existing pam_namespace deals with this. Maybe / could be
> kept shared, just /tmp made private.

No, the propagation rules control if submounts of a mount are
propagated. If you intend to mount something on /tmp, then the
propagation rules of / are the ones that matter.

Also, if you disconnected propagation between two mount namespaces you
cannot reestablish it anymore.

Lennart

-- 
Lennart Poettering, Red Hat
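Added example, not part of the original message: a Python sketch that reads mountinfo-format text and reports which mount's propagation state governs a new mount at a given path, the point made above about /tmp and /. The sample table is constructed, the function names are hypothetical, and symlinks in the target path are not resolved.

```python
import os
import re

# Constructed /proc/self/mountinfo sample (not from the thread):
# / and /dev are shared, /home is private, /srv is a slave of peer group 1.
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
22 21 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw
23 21 8:2 / /home rw,relatime - ext4 /dev/sda2 rw
24 21 0:30 / /srv rw,relatime master:1 - tmpfs tmpfs rw
"""

def parse_mountinfo(text):
    """Return [(mount_point, propagation_states)] in file order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if "-" not in fields[6:]:
            continue  # malformed line: no optional-field terminator
        tags = fields[6:fields.index("-", 6)]  # optional fields, e.g. shared:1
        states = set()
        for tag in tags:
            if tag.startswith("shared:"):
                states.add("shared")
            elif tag.startswith("master:"):
                states.add("slave")
            elif tag == "unbindable":
                states.add("unbindable")
        # The kernel escapes space, tab, newline and backslash as \ooo octal.
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[4])
        mounts.append((point, states or {"private"}))
    return mounts

def governing_mount(target, mounts):
    """Mount that a new mount at `target` would be attached to."""
    target = os.path.normpath(target)  # symlinks are not resolved here
    best = None
    for point, states in mounts:
        inside = point == "/" or target == point or target.startswith(point + "/")
        # >= so a later line wins for stacked mounts on the same mount point
        if inside and (best is None or len(point) >= len(best[0])):
            best = (point, states)
    return best

def propagates_out(target, mounts):
    """True if a new mount at `target` propagates to the parent's peers."""
    found = governing_mount(target, mounts)
    return found is not None and "shared" in found[1]

if __name__ == "__main__":
    table = parse_mountinfo(SAMPLE_MOUNTINFO)
    for path in ("/tmp", "/home/alice/mnt", "/srv/data"):
        print(path, governing_mount(path, table), propagates_out(path, table))
```

To check a live system, pass the contents of /proc/self/mountinfo to parse_mountinfo() in place of the constructed sample.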