In order to make containers work nicely out of the box it is highly
desirable to have the mount propagation mode for the root fs is set as
"shared" by default so that containers receive system mounts by default.
(See mount --make-shared for more information).
As it is unlikely that the kernel will change the default to "shared"
for this, do this early at boot-up from PID 1. Setups which prefer the
default of "private" should undo this change via invoking "mount
--make-private /" or a similar command after boot.
In the long run /etc/fstab should take the propagation mode as a mount
option like any other, so that this may be used to change the default
mode. However, if fstab is not around or doesn't list / we still should
default to shared as propagation mode, hence this change now.
* .journal~ files should be parsed too
* .journal~ files should be parsed too
-* use mount --make-shared on / by default
-
* allow services with no ExecStart= but with an ExecStop=
* add proper journal support to "systemctl --user status ..."
* allow services with no ExecStart= but with an ExecStop=
* add proper journal support to "systemctl --user status ..."
+ /* Mark the root directory as shared in regards to mount
+ * propagation. The kernel defaults to "private", but we think
+ * it makes more sense to have a default of "shared" so that
+ * nspawn and the container tools work out of the box. If
+ * specific setups need other settings they can reset the
+ * propagation mode to private if needed. */
+ if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0)
+ log_warning("Failed to set up the root directory for shared mount propagation: %m");
+
/* Create a few directories we always want around */
mkdir_label("/run/systemd", 0755);
mkdir_label("/run/systemd/system", 0755);
/* Create a few directories we always want around */
mkdir_label("/run/systemd", 0755);
mkdir_label("/run/systemd/system", 0755);
~ianmdlvl / elogind.git / commitdiff