Red Hat Bugzilla – Bug 693891
Systemd needs to mount file systems -rshared.
Last modified: 2012-08-08 19:24:42 EDT
Created attachment 490074 [details]
Native systemd service file
Description of problem:
The attached file is a native systemd file for upcoming F15 Feature 
Please read  on how to packaging and installing systemd Service files.
To learn more about Systemd daemon see .
If you have any question dont hesitate to ask them on this bug report.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
This is only needed by pam_namespace and is not really correct.
pam_namespace should be doing the
ExecStart=/bin/mount --rbind /tmp /tmp
ExecStart=/bin/mount --rbind /var/tmp /var/tmp
ExecStart=/bin/mount --make-private /tmp
ExecStart=/bin/mount --make-private /var/tmp
ExecStart=/bin/mount --rbind /home /home
ExecStart=/bin/mount --make-private /home
On any directory handed to it. And the only thing the init script needs to do is.
ExecStart=/bin/mount --make-rshared /
seunshare already does this and I sent a patch to pam_namespace a while back to implement something similar.
Moving systemd service RFEs to rawhide.
At this point, it is not appropriate in the Fedora 15 cycle to add these. Furthermore, at this point, we are still finalizing the packaging guidelines to handle SysV -> systemd upgrades.
We therefore request:
- wait until there are packaging guidelines (this will be announced on the devel list). This ensures that upgrades will work smoothly and we/you won't have to do multiple sets of changes.
- work on these sorts of changes for Fedora 16 where necessary, not Fedora 15, as we're trying to fix things for release.
- do *not* change a service from SysV to systemd in an existing release (such as Fedora 15), as this is the sort of behavior change that goes against our update policy, documented as https://fedoraproject.org/wiki/Updates_Policy
Yes, pam_namespace now does the make-private mounts on its own.
So only what Dan Walsh writes is needed. And I do not think it should be in the pam package as it is needed only when pam_namespace is configured to do anything at all which it is not by default.
I suppose xguest package would be more appropriate as it uses pam_namespace.
I talked to Lennart and Kay about making systemd mount / by default as rshared. Then I can eliminate the sandbox init script altogether.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
For F18 we changed the default mount propagation mode to "shared".