unshare: add --propagation, use MS_PRIVATE by default - openslx/kernel-qcow2-util-linux.git

diff options

author	Karel Zak	2015-03-18 15:13:15 +0100
committer	Karel Zak	2015-03-23 10:12:48 +0100
commit	f0f22e9c6f109f8c1234caa3173368ef43b023eb (patch)
tree	0a158f6b5d92b57ca0c9ac97fb093f1e1d176348 /sys-utils/dmesg.c
parent	nsenter: add -Z to set selinux context (diff)
download	kernel-qcow2-util-linux-f0f22e9c6f109f8c1234caa3173368ef43b023eb.tar.gz kernel-qcow2-util-linux-f0f22e9c6f109f8c1234caa3173368ef43b023eb.tar.xz kernel-qcow2-util-linux-f0f22e9c6f109f8c1234caa3173368ef43b023eb.zip

unshare: add --propagation, use MS_PRIVATE by default

After "unshare --mount" users assume that mount operations within the new namespaces are unshared (invisible for the rest of the system). Unfortunately, this is not true and the behavior depends on the current mount propagation setting. The kernel default is "private", but for example systemd based distros use "shared". The solution is to use (for example) "mount --make-private" after unshare(1). I have been requested many times to provide less fragile and more unified unshared mount setting *by default* to make things user friendly. The patch forces unshare(1) to explicitly use MS_REC|MS_PRIVATE for all tree by default. We can use something less (e.g MS_SLAVE), but "private" is the kernel default, so for many users this change (feature) will be invisible. This feature is possible to disable by "--propagation unchanged" or it's possible to specify another propagation flag, supported are: <slave|shared|private|unchanged> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Karel Zak <kzak@redhat.com>

Diffstat (limited to 'sys-utils/dmesg.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: