On Sun, 18.01.15 20:50, Colin Walters ([email protected]) wrote:

> On Sat, Jan 17, 2015, at 11:02 PM, Lars Kellogg-Stedman wrote:
> > Hello all,
> >
> > With systemd 216 on Fedora 21 (kernel 3.17.8), I have run into an odd
> > behavior concerning the PrivateTmp directive, and I am looking for
> > help identifying this as:
> >
> > - Everything Is Working As Designed, Citizen
> > - A bug in Docker (some mount flag is being set incorrectly?)
>
> This should be fixed by:
> http://pkgs.fedoraproject.org/cgit/docker-io.git/commit/?id=6c9e373ee06cb1aee07d3cae426c46002663010d
>
> i.e. having docker.service use MountFlags=private, so its mounts
> aren't visible to other processes.

MountFlags=private also disables *un*mount propagation from the host into the service, which means file systems once mounted in the host when a service was started will stay mounted forever in the service, which will keep the backing device busy forever.

MountFlags=private is hence pretty useless in real life. Never use it.

MountFlags=shared is also pointless, since it is the implied default.

Which means "MountFlags=slave" is really the only option that makes sense to ever add to a unit file.

Lennart

--
Lennart Poettering, Red Hat
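To check which propagation mode a running service actually ended up with, its `/proc/<pid>/mountinfo` can be inspected. The following is an added example, not part of the original thread or of systemd: it classifies each mount from the optional fields documented in proc(5) and lists the mounts that will not see host-side unmounts. The function names and the sample lines are constructed for illustration.

```python
import sys

# Constructed sample in /proc/<pid>/mountinfo format (see proc(5)).
SAMPLE = """\
21 1 253:0 / / rw,relatime shared:1 - ext4 /dev/mapper/vg-root rw
76 21 253:1 / /mnt/data rw,relatime master:1 - ext4 /dev/mapper/vg-data rw
77 21 253:2 / /mnt/backup rw,relatime - ext4 /dev/mapper/vg-backup rw
"""

def propagation(line):
    """Return (mount_point, mode) for one mountinfo line."""
    fields = line.split()
    sep = fields.index("-")      # optional fields end at the lone "-"
    mount_point = fields[4]      # field 5 in proc(5) numbering
    tags = {f.split(":")[0] for f in fields[6:sep]}
    if "unbindable" in tags:
        mode = "unbindable"
    elif "shared" in tags and "master" in tags:
        mode = "shared+slave"
    elif "shared" in tags:
        mode = "shared"
    elif "master" in tags:
        mode = "slave"
    else:
        mode = "private"         # no propagation tag at all
    return mount_point, mode

def pinned_mounts(mountinfo_text):
    """Mount points that receive no propagation events, so a host-side
    unmount never reaches them and the backing device stays busy."""
    pinned = []
    for line in mountinfo_text.strip().splitlines():
        mount_point, mode = propagation(line)
        if mode in ("private", "unbindable"):
            pinned.append(mount_point)
    return pinned

if __name__ == "__main__":
    # Usage: script.py /proc/<pid>/mountinfo   (falls back to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line in text.strip().splitlines():
        print("%-20s %s" % propagation(line))
    print("pinned:", pinned_mounts(text))
```
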
