Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r-- | man/systemd.exec.xml | 42 |
1 files changed, 36 insertions, 6 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 784b48fff4..f47826ce4a 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -962,13 +962,43 @@ <option>shared</option>, <option>slave</option> or <option>private</option>, which - control whether the file system - namespace set up for this unit's - processes will receive or propagate - new mounts. See + control whether mounts in the file + system namespace set up for this + unit's processes will receive or + propagate mounts or unmounts. See <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry> - for details. Default to - <option>shared</option>.</para></listitem> + for details. Defaults to + <option>shared</option>. Use + <option>shared</option> to ensure that + mounts and unmounts are propagated + from the host to the container and + vice versa. Use <option>slave</option> + to run processes so that none of their + mounts and unmounts will propagate to + the host. Use <option>private</option> + to also ensure that no mounts and + unmounts from the host will propagate + into the unit processes' + namespace. Note that + <option>slave</option> means that file + systems mounted on the host might stay + mounted continously in the unit's + namespace, and thus keep the device + busy. Note that the file system + namespace related options + (<varname>PrivateTmp=</varname>, + <varname>PrivateDevices=</varname>, + <varname>ReadOnlyDirectories=</varname>, + <varname>InaccessibleDirectories=</varname> + and + <varname>ReadWriteDirectories=</varname>) + require that mount and unmount + propagation from the unit's file + system namespace is disabled, and + hence downgrade + <option>shared</option> to + <option>slave</option>. + </para></listitem> </varlistentry> <varlistentry> |
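Review bot: "continously" in the added sentence about slave ("might stay mounted continously in the unit's namespace") is misspelled and should be "continuously". The added sentence on shared says mounts propagate "from the host to the container and vice versa", while every other sentence in the paragraph speaks of the unit's processes or the unit's namespace; suggest "unit" there as well so readers do not assume the setting applies only to containers. The closing note that the file system namespace options downgrade shared to slave sits far from "Defaults to shared"; consider stating next to the default that the effective value is slave whenever one of those options is set, since that is the case most readers of PrivateTmp= or ReadOnlyDirectories= will be in.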