On 23.04.2013 21:51, Albert Strasheim wrote:
> is causing some headaches with some services of ours that use unshare
> to get a new mount namespace and make some private mounts which we
> don't want propagated.

Proper solution: Directly after the unshare, run either

 mount("none", "/", "none", MS_REC | MS_SLAVE, NULL)
 (mount --make-rslave /)

or

 mount("none", "/", "none", MS_REC | MS_PRIVATE, NULL)
 (mount --make-rprivate /)

in the context of your service. In most cases, leaving the "global"
mount namespace as shared and setting your service's namespace to slave
gives the most desirable behaviour.



_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
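
The sequence recommended in the reply, as an added example that is not part of the original mail: unshare a mount namespace, apply the recursive propagation change, then check `/proc/self/mountinfo` for mounts still tagged `shared:`. The function names `isolate_mounts` and `mountinfo_propagation` are hypothetical, and the mountinfo check is an addition the mail does not mention.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

enum prop { PROP_PRIVATE = 0, PROP_SHARED = 1, PROP_SLAVE = 2,
            PROP_SHARED_SLAVE = 3, PROP_BAD = 4 };   /* bit 0 = shared, bit 1 = slave */

/* Classify one /proc/self/mountinfo line by its optional fields, which sit
 * between the sixth field (mount options) and the " - " separator. */
enum prop mountinfo_propagation(const char *line)
{
    const char *sep = strstr(line, " - "), *p = line;
    int flags = PROP_PRIVATE;
    if (!sep) return PROP_BAD;
    for (int i = 0; i < 6; i++) {           /* skip the six fixed fields */
        p = strchr(p, ' ');
        if (!p || p > sep) return PROP_BAD;
        p++;
    }
    while (p < sep) {                       /* walk the optional fields */
        if (!strncmp(p, "shared:", 7)) flags |= PROP_SHARED;
        if (!strncmp(p, "master:", 7)) flags |= PROP_SLAVE;
        p = strchr(p, ' ') + 1;             /* sep is a space, so never NULL */
    }
    return (enum prop)flags;
}

/* New namespace, then MS_REC | how (MS_SLAVE or MS_PRIVATE). Needs CAP_SYS_ADMIN. */
int isolate_mounts(unsigned long how)
{
    if (unshare(CLONE_NEWNS) != 0) return -1;
    return mount("none", "/", "none", MS_REC | how, NULL);
}

int main(void)
{
    char line[4096];
    int leaking = 0;
    FILE *f;
    if (isolate_mounts(MS_SLAVE) != 0) { perror("isolate_mounts"); return 1; }
    if (!(f = fopen("/proc/self/mountinfo", "r"))) { perror("mountinfo"); return 1; }
    while (fgets(line, sizeof line, f))     /* a shared mount would still propagate out */
        leaking += mountinfo_propagation(line) & PROP_SHARED;
    fclose(f);
    printf("mounts still shared after make-rslave: %d\n", leaking);
    return leaking != 0;
}
```

Run as root, a correctly isolated service reports zero shared mounts; any non-zero count means a later mount under that path would still reach the parent namespace.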
