From: Lennart Poettering <lennart@poettering.net>
Date: Sat, 1 Nov 2025 21:21:32 +0000 (+0100)
Subject: docs: add comment about requiring the mount hierarchy to be mounted MS_SHARED
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=32f4e30be58c2d5fabff32efbd4d266ae0d7503d;p=thirdparty%2Fsystemd.git

docs: add comment about requiring the mount hierarchy to be mounted MS_SHARED

This has been tripping up container manager people. let's document this
explicitly.

(Note that the container interface could really use some updates, i.e.
it was written before a time where cgroup namespacing was a thing. But I
am too lazy to fix that now, so let's just add this once facet.)
---

diff --git a/docs/CONTAINER_INTERFACE.md b/docs/CONTAINER_INTERFACE.md
index 77648395e96..3b33ce636ca 100644
--- a/docs/CONTAINER_INTERFACE.md
+++ b/docs/CONTAINER_INTERFACE.md
@@ -86,6 +86,12 @@ manager, please consider supporting the following interfaces.
    confuse systemd and the admin, but also prevent your implementation from
    being "stackable".
 
+8. The mount hierarchy of the container should be mounted `MS_SHARED` before
+   invoking `systemd` as PID 1. Things will break at various places if this is
+   not done. Note that of course it's OK if the mounts are first marked
+   `MS_PRIVATE`/`MS_SLAVE` (to disconnect propagation at least partially) as
+   long as they are remounted `MS_SHARED` before `systemd` is invoked.
+
 ## Environment Variables
 
 1. To allow systemd (and other programs) to identify that it is executed within