X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=f47826ce4ae6a278d069be3bd847ff166789c23f;hb=022446adf99b84c59a88c2e614033ccde13c395c;hp=784b48fff434e628d621c8125cae8369feec6018;hpb=907afa0682c8d6f00937b11b04be6b8a26a3cd41;p=elogind.git

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 784b48fff..f47826ce4 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -962,13 +962,43 @@
                                 <option>shared</option>,
                                 <option>slave</option> or
                                 <option>private</option>, which
-                                control whether the file system
-                                namespace set up for this unit's
-                                processes will receive or propagate
-                                new mounts. See
+                                control whether mounts in the file
+                                system namespace set up for this
+                                unit's processes will receive or
+                                propagate mounts or unmounts. See
                                 <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
-                                for details. Default to
-                                <option>shared</option>.</para></listitem>
+                                for details. Defaults to
+                                <option>shared</option>. Use
+                                <option>shared</option> to ensure that
+                                mounts and unmounts are propagated
+                                from the host to the container and
+                                vice versa. Use <option>slave</option>
+                                to run processes so that none of their
+                                mounts and unmounts will propagate to
+                                the host. Use <option>private</option>
+                                to also ensure that no mounts and
+                                unmounts from the host will propagate
+                                into the unit processes'
+                                namespace. Note that
+                                <option>slave</option> means that file
+                                systems mounted on the host might stay
+                                mounted continously in the unit's
+                                namespace, and thus keep the device
+                                busy. Note that the file system
+                                namespace related options
+                                (<varname>PrivateTmp=</varname>,
+                                <varname>PrivateDevices=</varname>,
+                                <varname>ReadOnlyDirectories=</varname>,
+                                <varname>InaccessibleDirectories=</varname>
+                                and
+                                <varname>ReadWriteDirectories=</varname>)
+                                require that mount and unmount
+                                propagation from the unit's file
+                                system namespace is disabled, and
+                                hence downgrade
+                                <option>shared</option> to
+                                <option>slave</option>.
+                                </para></listitem>
                         </varlistentry>
 
                         <varlistentry>