On Fri, 2013-02-01 at 14:40 -0700, Jake Edge wrote:
> On Fri, 01 Feb 2013 16:33:26 -0500 Colin Walters wrote:
> > On Fri, 2013-02-01 at 12:50 -0700, Jake Edge wrote:
> >
> > > I am not sure that I want the default to be "private", but if I did,
> > > what is the proper, systemd-ish way to do so?
> >
> > If you're creating a private mount namespace, then:
> >
> > http://git.gnome.org/browse/linux-user-chroot/tree/src/linux-user-chroot.c#n300
>
> Yes, that's a way to programmatically do it on an as-needed basis, which
> is great, thanks. But what I was looking for was a way to tell systemd
> to change the default back to private at boot time as Lennart
> suggested in the commit.

That has global system ramifications. It's somewhat unfortunate that
systemd overrides the kernel, but going forward programs can (at the
moment) assume under systemd that it's shared, and make things private
as necessary.

If there were a configuration toggle, programs would have to cope with
both cases. Though maybe realistically they already have to if Upstart
doesn't do the same thing.

Anyways, a unit which just invokes mount --make-rprivate / after say
basic.target would probably work.

There's some decent docs here btw, which do predate systemd and thus
claim the default is private:
http://www.ibm.com/developerworks/linux/library/l-mount-namespaces/index.html

_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
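
Added example, not part of the original message and not code from linux-user-chroot: a program that copes with either default by checking how / propagates in /proc/self/mountinfo, then making mounts private in its own mount namespace (the per-process form of mount --make-rprivate /). The function names are this example's own, and the raw unshare syscall is used so that no feature-test macro is required.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <linux/sched.h>   /* CLONE_NEWNS */

/* Classify one mountinfo line; NULL when it is not for mount point `target`. */
const char *propagation(const char *line, const char *target)
{
    char mnt[256], opt[256];
    int used = 0;
    const char *res = "private";   /* no optional tag at all means private */
    /* id, parent, major:minor, root, MOUNT POINT, options, optional fields... */
    if (sscanf(line, "%*d %*d %*s %*s %255s %*s %n", mnt, &used) != 1
        || !used || strcmp(mnt, target) != 0)
        return NULL;
    for (line += used; sscanf(line, "%255s%n", opt, &used) == 1; line += used) {
        if (strcmp(opt, "-") == 0) break;            /* end of optional fields */
        if (strncmp(opt, "shared:", 7) == 0) return "shared";
        if (strncmp(opt, "master:", 7) == 0) res = "slave";
        else if (strcmp(opt, "unbindable") == 0) res = "unbindable";
    }
    return res;
}

/* Propagation of the topmost mount on "/" in the caller's mount namespace. */
const char *root_state(void)
{
    char line[4096];
    const char *s, *state = "unknown";
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) return state;
    while (fgets(line, sizeof line, f))
        if ((s = propagation(line, "/")) != NULL) state = s;   /* last match wins */
    fclose(f);
    return state;
}

/* New mount namespace, then recursive private on "/". Needs CAP_SYS_ADMIN. */
int make_root_private(void)
{
    if (syscall(SYS_unshare, CLONE_NEWNS) != 0) return -1;
    return mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL);
}

int main(void)
{
    printf("before: / is %s\n", root_state());
    if (make_root_private() != 0) { perror("make_root_private"); return 1; }
    printf("after:  / is %s\n", root_state());
}
```

The change only affects this process and its children; the host's mount namespace keeps whatever propagation the init system set.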
