| field | value | date |
|---|---|---|
| author | Lennart Poettering <lennart@poettering.net> | 2016-12-22 23:34:35 +0100 |
| committer | Lennart Poettering <lennart@poettering.net> | 2017-02-07 11:22:05 +0100 |
| commit | 5d997827e2ebe5d4f438748d1ac87c10c29045c6 (patch) | |
| tree | 28f9edefba7c8065ed0395d97820a47471457fcc /man/systemd.exec.xml | |
| parent | 1eb7e08e20a329b1f074968c88fee5d8adf3bbaf (diff) | |
core: add a per-unit setting MountAPIVFS= for mounting /dev, /proc, /sys in conjunction with RootDirectory=
This adds a boolean unit file setting MountAPIVFS=. If set, the three
main API VFS mounts will be mounted for the service. This only has an
effect on RootDirectory=, which it makes a ton times more useful.
(This is basically the /dev + /proc + /sys mounting code posted in the
original #4727, but rebased on current git, and with the automatic logic
replaced by explicit logic controlled by a unit file setting)
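As an added illustration (not part of the commit or of systemd's own documentation), the following unit fragment shows how the setting described above is combined with RootDirectory= and PrivateDevices=. The service name, the root directory path and the executable path are made-up placeholders; the setting names and their documented interaction come from the commit.

```ini
# Added example, not from the commit. All paths and the service name are
# hypothetical placeholders.
[Unit]
Description=Example service confined to a root directory (hypothetical)

[Service]
# The API VFS mounts only take effect together with RootDirectory=.
RootDirectory=/var/lib/example-service/root
# Create a private mount namespace and mount /proc, /sys and /dev inside
# the new root, unless they are already mounted there.
MountAPIVFS=yes
# Without this line the host's /dev is bind-mounted into the root directory,
# so the service would see the host's device nodes. PrivateDevices=yes gives
# it a private, minimal /dev instead, which is the combination the
# documentation recommends.
PrivateDevices=yes
ExecStart=/usr/bin/example-service
```

When reviewing units that use RootDirectory=, the pair of lines to look for is MountAPIVFS= together with PrivateDevices=: MountAPIVFS=yes on its own still exposes the host's /dev inside the new root.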
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r-- | man/systemd.exec.xml | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index bb38ea2467..e594dc1b0c 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -132,8 +132,22 @@ the <function>chroot()</function> jail. Note that setting this parameter might result in additional dependencies to be added to the unit (see above).</para> - <para>The <varname>PrivateUsers=</varname> setting is particularly useful in conjunction with - <varname>RootDirectory=</varname>. For details, see below.</para></listitem> + <para>The <varname>MountAPIVFS=</varname> and <varname>PrivateUsers=</varname> settings are particularly useful + in conjunction with <varname>RootDirectory=</varname>. For details, see below.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>MountAPIVFS=</varname></term> + + <listitem><para>Takes a boolean argument. If on, a private mount namespace for the unit's processes is created + and the API file systems <filename>/proc</filename>, <filename>/sys</filename> and <filename>/dev</filename> + will be mounted inside of it, unless they are already mounted. Note that this option has no effect unless used + in conjunction with <varname>RootDirectory=</varname> as these three mounts are generally mounted in the host + anyway, and unless the root directory is changed the private mount namespace will be a 1:1 copy of the host's, + and include these three mounts. Note that the <filename>/dev</filename> file system of the host is bind mounted + if this option is used without <varname>PrivateDevices=</varname>. To run the service with a private, minimal + version of <filename>/dev/</filename>, combine this option with + <varname>PrivateDevices=</varname>.</para></listitem> </varlistentry> <varlistentry> |
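Review bot: the new MountAPIVFS= entry never states the default value; add a closing sentence such as `Defaults to off.</para>` after the PrivateDevices= sentence so readers know the behaviour of units that omit the setting. Two smaller points in the same paragraph: the same path is written as `<filename>/dev</filename>` in one sentence and `<filename>/dev/</filename>` in the next, so pick one spelling; and "will be a 1:1 copy of the host's, and include these three mounts" reads more cleanly as "and will include these three mounts". Since the paragraph already says the host's /dev is bind mounted when PrivateDevices= is not set, it would help to state the consequence explicitly, namely that the service then has the host's device nodes available inside the RootDirectory=, which is the reason for the recommendation to combine the two options.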