
From anti-systemd to pro-systemd in the shortest time

Posted Jan 31, 2014 22:31 UTC (Fri) by cortana (subscriber, #24596)
In reply to: From anti-systemd to pro-systemd in the shortest time by dlang
Parent article: This week in "As the Technical Committee Turns"

Hm, have you considered running the affected service in its own mount namespace, within which you bind mount /run/systemd/journal/syslog over /dev/log? Seems cleaner than LD_PRELOAD games--assuming that bind mounting sockets works of course, I've not actually tried it myself.



From anti-systemd to pro-systemd in the shortest time

Posted Jan 31, 2014 23:22 UTC (Fri) by dlang (guest, #313)

How would you do this in systemd?

From anti-systemd to pro-systemd in the shortest time

Posted Feb 1, 2014 0:52 UTC (Sat) by cortana (subscriber, #24596)

Today, maybe with: ExecStart=/usr/bin/unshare -m -- /bin/sh -c 'mount --bind /run/systemd/journal/syslog /dev/log && myprogram ...'

I'd like to see systemd get an option to configure a private mount namespace, then it could become a bit less ugly:

[Service]
PrivateMountNamespace=foo
ExecStartPre=/bin/mount --bind /run/systemd/journal/syslog /dev/log
ExecStart=myprogram ...

Where the name of the namespace is used to create a file, /run/mountns/foo, which can be used by processes from other namespaces to obtain a file descriptor that they can pass to setns() in order to enter the namespace. That way, several services can share a common mount namespace. 'ip netns' provides a similar facility for managing network namespaces.
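
An added example, not part of the comments above: a check that a service's mount namespace really has the journal's syslog socket bound over /dev/log, and that the bind mount is not left with shared propagation (in which case it can also show up outside the namespace). It parses /proc/<pid>/mountinfo text; the sample lines and all function names are constructed for illustration.

```python
import re

# Constructed sample: /proc/<pid>/mountinfo of a service started with the
# unshare + bind-mount approach (mount IDs and options are made up).
SERVICE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
22 21 0:6 / /dev rw,nosuid - devtmpfs devtmpfs rw,mode=755
23 21 0:19 / /run rw,nosuid,nodev - tmpfs tmpfs rw,mode=755
140 22 0:19 /systemd/journal/syslog /dev/log rw,nosuid,nodev - tmpfs tmpfs rw,mode=755
"""
# Constructed sample: the same bind mount, but in a shared peer group.
LEAKY_MOUNTINFO = SERVICE_MOUNTINFO.replace(
    "/dev/log rw,nosuid,nodev -", "/dev/log rw,nosuid,nodev shared:7 -")


def unescape(field):
    """mountinfo writes space, tab, newline and backslash as \\ooo octal."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Yield one dict per mount line; optional fields end at the lone '-'."""
    for line in text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)      # fields 0-5 are fixed
            fstype = fields[sep + 1]
        except (ValueError, IndexError):
            continue                        # malformed or truncated line
        yield {
            "root": unescape(fields[3]),         # path inside the source fs
            "mount_point": unescape(fields[4]),  # where this namespace sees it
            "propagation": fields[6:sep],        # ['shared:7'], or [] if private
            "fstype": fstype,
        }


def check_dev_log(text, mount_point="/dev/log"):
    """Return (source_root, fstype, leaks) for the mount on /dev/log, or None."""
    hit = None
    for m in parse_mountinfo(text):
        if m["mount_point"] == mount_point:
            hit = m     # assumption: the last listed mount is the one on top
    if hit is None:
        return None     # /dev/log is not overridden in this namespace
    leaks = any(p.startswith("shared:") for p in hit["propagation"])
    return hit["root"], hit["fstype"], leaks
```

On a live system, pass the contents of /proc/<pid>/mountinfo for the service's main PID; the root field is relative to the source filesystem, so a socket under /run appears as /systemd/journal/syslog on tmpfs.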

