From: Daan De Meyer
Date: Fri, 13 Dec 2024 13:48:07 +0000 (+0000)
Subject: core: Bind mount notify socket to /run/host/notify in sandboxed units (#35573)
X-Git-Tag: v258-rc1~1870
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18bb30c3b2ea7f4497edf86414133667b3e155fe;p=thirdparty%2Fsystemd.git

core: Bind mount notify socket to /run/host/notify in sandboxed units (#35573)

To be able to run systemd in a Type=notify transient unit, the notify
socket can't be bind mounted to /run/systemd/notify as systemd in the
transient unit wants to use that as its own notify socket which conflicts
with systemd on the host.

Instead, for sandboxed units, let's bind mount the notify socket to
/run/host/notify as documented in the container interface. Since we don't
guarantee a stable location for the notify socket and insist users use
$NOTIFY_SOCKET to get its path, this is safe to do.
---
18bb30c3b2ea7f4497edf86414133667b3e155fe
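
Added example (not part of this commit and not systemd's own code): a minimal notify-protocol client that takes the socket location only from $NOTIFY_SOCKET, so it keeps working whether the socket is mounted at /run/systemd/notify or /run/host/notify. The function name notify_send and its return-value convention are assumptions of this example.

```c
/* Added example, not systemd code: minimal client for the notify protocol. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Send `state` (e.g. "READY=1") to the socket named by $NOTIFY_SOCKET.
 * The path is never hardcoded: the service manager chooses it.
 * Returns 1 if sent, 0 if no socket is configured, -errno on failure. */
int notify_send(const char *state) {
    const char *path = getenv("NOTIFY_SOCKET");
    if (!path || !*path)
        return 0;                       /* not started by a service manager */

    /* Accept only absolute paths and abstract ('@') AF_UNIX addresses;
     * a relative path would resolve against our own working directory.
     * Other address forms (e.g. vsock) are not handled in this example. */
    if (path[0] != '/' && path[0] != '@')
        return -EAFNOSUPPORT;

    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    size_t len = strlen(path);
    if (len >= sizeof(sa.sun_path))
        return -E2BIG;                  /* would not fit, refuse to truncate */
    memcpy(sa.sun_path, path, len);
    if (path[0] == '@')
        sa.sun_path[0] = '\0';          /* abstract namespace marker */

    int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -errno;
    socklen_t salen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + len);
    ssize_t n = sendto(fd, state, strlen(state), 0,
                       (struct sockaddr *)&sa, salen);
    int r = n < 0 ? -errno : 1;
    close(fd);
    return r;
}

int main(void) {
    int r = notify_send("READY=1");
    printf("notify_send returned %d\n", r);
    return r < 0;
}
```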