On 23.04.2013 21:51, Albert Strasheim wrote:
> is causing some headaches with some services of ours that use unshare
> to get a new mount namespace and make some private mounts which we
> don't want propagated.

Proper solution: Directly after the unshare, run either mount("none", "/", "none", MS_REC | MS_SLAVE, NULL) (mount --make-rslave /) or mount("none", "/", "none", MS_REC | MS_PRIVATE, NULL) (mount --make-rprivate /) in the context of your service. In most cases, leaving the "global" mount namespace as shared and setting your service's namespace to slave gives the most desirable behaviour.
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
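
The sequence described in the reply above, as an added example that is not part of the original mail or of systemd: unshare the mount namespace, mark `/` recursively slave or private, then confirm from `/proc/self/mountinfo` that no mount in the new namespace is still shared. The function names and the `PROP_*` flags are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#ifndef CLONE_NEWNS              /* fallback if <sched.h> was seen without _GNU_SOURCE */
#define CLONE_NEWNS 0x00020000
#endif
int unshare(int flags);          /* harmless redeclaration of the glibc prototype */
enum { PROP_SHARED = 1, PROP_SLAVE = 2, PROP_UNBINDABLE = 4 };   /* 0 = private */

/* New mount namespace, then stop our mounts propagating to the parent namespace.
 * keep_receiving != 0 -> MS_SLAVE, else MS_PRIVATE. Needs CAP_SYS_ADMIN. */
int isolate_mounts(int keep_receiving) {
    if (unshare(CLONE_NEWNS) != 0) return -errno;
    unsigned long how = keep_receiving ? MS_SLAVE : MS_PRIVATE;
    return mount("none", "/", "none", MS_REC | how, NULL) != 0 ? -errno : 0;
}

/* Read the optional fields (after field 6, before "-") of one mountinfo line.
 * Returns a PROP_* bitmask, or -1 if the line is malformed or too long. */
int mount_propagation(const char *line) {
    char buf[4096], *save = NULL, *tok;
    int field = 0, flags = 0;
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    for (tok = strtok_r(buf, " \n", &save); tok; tok = strtok_r(NULL, " \n", &save)) {
        if (++field <= 6) continue;
        if (strcmp(tok, "-") == 0) return flags;
        if (strncmp(tok, "shared:", 7) == 0) flags |= PROP_SHARED;
        else if (strncmp(tok, "master:", 7) == 0) flags |= PROP_SLAVE;
        else if (strcmp(tok, "unbindable") == 0) flags |= PROP_UNBINDABLE;
    }
    return -1;                   /* separator "-" never seen */
}

/* Number of mounts in the current namespace that still propagate to peers. */
int count_shared_mounts(void) {
    FILE *f = fopen("/proc/self/mountinfo", "r");
    char line[4096]; int n = 0;
    if (!f) return -errno;
    while (fgets(line, sizeof line, f)) { int p = mount_propagation(line); if (p > 0 && (p & PROP_SHARED)) n++; }
    fclose(f); return n;
}

int main(void) {
    int rc = isolate_mounts(1);  /* 1 = slave, as the reply recommends for most cases */
    if (rc) { fprintf(stderr, "isolate_mounts: %s\n", strerror(-rc)); return 1; }
    printf("shared mounts left: %d\n", count_shared_mounts());
    return 0;
}
```

A count above zero after `isolate_mounts()` means some mount in the service's namespace can still propagate to its peers.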