]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1581644) | patch
core: Bind mount notify socket to /run/host/notify in sandboxed units 35573/head
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Wed, 11 Dec 2024 18:45:28 +0000 (18:45 +0000)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Fri, 13 Dec 2024 12:37:02 +0000 (13:37 +0100)
commit284dd31e9d7d25e8a0bdfee60cf938ab961f2a7a
tree39bc0a05fcfa32e324e1cc34c895a4ce2dbbbe06tree | snapshot
parent15816441ca4c949b4cfe6aaf31f6e8e7fa432b10commit | diff
core: Bind mount notify socket to /run/host/notify in sandboxed units

To be able to run systemd in a Type=notify transient unit, the notify
socket can't be bind mounted to /run/systemd/notify as systemd in the
transient unit wants to use that as its own notify socket which conflicts
with systemd on the host.

Instead, for sandboxed units, let's bind mount the notify socket to
/run/host/notify as documented in the container interface. Since we don't
guarantee a stable location for the notify socket and insist users use
$NOTIFY_SOCKET to get its path, this is safe to do.
src/core/exec-invoke.c diff | blob | blame | history
src/core/execute.c diff | blob | blame | history
src/core/execute.h diff | blob | blame | history
src/core/namespace.c diff | blob | blame | history
src/core/namespace.h diff | blob | blame | history
src/core/service.c diff | blob | blame | history
test/units/TEST-50-DISSECT.dissect.sh diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.