mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00

nspawn: deprecate --share-system support

This removes the --share-system switch: from the documentation, the --help text
as well as the command line parsing. It's an ugly option, given that it kinda
contradicts the whole concept of PID namespaces that nspawn implements. Since
it's barely ever used, let's just deprecate it and remove it from the options.

It might be useful as a debugging option, hence the functionality is kept
around for now, exposed via an undocumented $SYSTEMD_NSPAWN_SHARE_SYSTEM
environment variable.

Lennart Poettering 2016-07-27 14:56:17 +02:00
parent 3539724c26
commit a6b5216c7c
2 changed files with 10 additions and 27 deletions

@ -274,8 +274,7 @@
signals. It is recommended to use this mode to invoke arbitrary commands in containers, unless they have been
modified to run correctly as PID 1. Or in other words: this switch should be used for pretty much all commands,
except when the command refers to an init or shell implementation, as these are generally capable of running
correctly as PID 1. This option may not be combined with <option>--boot</option> or
<option>--share-system</option>.</para>
correctly as PID 1. This option may not be combined with <option>--boot</option>.</para>
</listitem>
</varlistentry>
@ -285,8 +284,7 @@
<listitem><para>Automatically search for an init binary and invoke it as PID 1, instead of a shell or a user
supplied program. If this option is used, arguments specified on the command line are used as arguments for the
init binary. This option may not be combined with <option>--as-pid2</option> or
<option>--share-system</option>.</para>
init binary. This option may not be combined with <option>--as-pid2</option>.</para>
<para>The following table explains the different modes of invocation and relationship to
<option>--as-pid2</option> (see above):</para>
@ -846,23 +844,6 @@
parameter may be used more than once.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--share-system</option></term>
<listitem><para>Allows the container to share certain system
facilities with the host. More specifically, this turns off
PID namespacing, UTS namespacing and IPC namespacing, and thus
allows the guest to see and interact more easily with
processes outside of the container. Note that using this
option makes it impossible to start up a full Operating System
in the container, as an init system cannot operate in this
mode. It is only useful to run specific programs or
applications this way, without involving an init system in the
container. This option implies <option>--register=no</option>.
This option may not be combined with
<option>--boot</option>.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--register=</option></term>
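Review bot: deleting this whole varlistentry leaves the reduced-isolation mode undocumented even though it stays reachable through $SYSTEMD_NSPAWN_SHARE_SYSTEM (see the getenv_bool() check added to parse_argv in this same commit). The removed text is the only place the man page states that the mode turns off PID, UTS and IPC namespacing and implies --register=no; since that behaviour survives, consider keeping a short version of it under an Environment section, marked unsupported and debugging-only as the commit message says, so operators auditing a host can still find out what the variable does.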
@ -877,9 +858,7 @@
and shown by tools such as
<citerefentry project='man-pages'><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
If the container does not run an init system, it is
recommended to set this option to <literal>no</literal>. Note
that <option>--share-system</option> implies
<option>--register=no</option>. </para></listitem>
recommended to set this option to <literal>no</literal>.</para></listitem>
</varlistentry>
<varlistentry>

@ -269,7 +269,6 @@ static void help(void) {
" --overlay-ro=PATH[:PATH...]:PATH\n"
" Similar, but creates a read-only overlay mount\n"
" -E --setenv=NAME=VALUE Pass an environment variable to PID 1\n"
" --share-system Share system namespaces with host\n"
" --register=BOOLEAN Register container as machine\n"
" --keep-unit Do not register a scope for the machine, reuse\n"
" the service unit nspawn is running in\n"
@ -405,7 +404,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "selinux-context", required_argument, NULL, 'Z' },
{ "selinux-apifs-context", required_argument, NULL, 'L' },
{ "quiet", no_argument, NULL, 'q' },
{ "share-system", no_argument, NULL, ARG_SHARE_SYSTEM },
{ "share-system", no_argument, NULL, ARG_SHARE_SYSTEM }, /* not documented */
{ "register", required_argument, NULL, ARG_REGISTER },
{ "keep-unit", no_argument, NULL, ARG_KEEP_UNIT },
{ "network-interface", required_argument, NULL, ARG_NETWORK_INTERFACE },
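Review bot: the commit message says the switch is removed "from the command line parsing", but this hunk keeps `{ "share-system", no_argument, NULL, ARG_SHARE_SYSTEM }` in the long-options table, so `--share-system` is still accepted and still disables PID/UTS/IPC namespacing; only the man page and --help entries disappear. Either drop the entry together with the ARG_SHARE_SYSTEM case for a real removal, or reword the message to say the option is hidden but kept for compatibility, so the history matches what the binary accepts.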
@ -814,6 +813,8 @@ static int parse_argv(int argc, char *argv[]) {
break;
case ARG_SHARE_SYSTEM:
/* We don't officially support this anymore, except for compat reasons. People should use the
* $SYSTEMD_NSPAWN_SHARE_SYSTEM environment variable instead. */
arg_share_system = true;
break;
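Review bot: the ARG_SHARE_SYSTEM case records the deprecation only in a source comment, so a user who still passes --share-system gets no indication that the switch is unsupported. Consider a log_warning() before `arg_share_system = true;` that says the switch is deprecated and points at SYSTEMD_NSPAWN_SHARE_SYSTEM, so use of an option that weakens container isolation shows up in the logs instead of silently continuing to work.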
@ -1018,6 +1019,9 @@ static int parse_argv(int argc, char *argv[]) {
assert_not_reached("Unhandled option");
}
if (getenv_bool("SYSTEMD_NSPAWN_SHARE_SYSTEM") > 0)
arg_share_system = true;
if (arg_share_system)
arg_register = false;
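Review bot: `if (getenv_bool("SYSTEMD_NSPAWN_SHARE_SYSTEM") > 0)` folds every non-positive return into "off", so a variable that is set but unparsable (assuming getenv_bool() reports that as a negative error rather than 0, and -ENXIO when unset) is silently ignored instead of reported. Store the return value and log a warning when it is negative and not -ENXIO, so a typo in a debugging variable does not go unnoticed. Also, because the variable is read after the option loop, it unconditionally forces `arg_register = false` even when --register=yes was passed explicitly; that matches the old --share-system semantics, but the implication is no longer documented anywhere after this commit.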
@ -1025,7 +1029,7 @@ static int parse_argv(int argc, char *argv[]) {
arg_userns_chown = true;
if (arg_start_mode != START_PID1 && arg_share_system) {
log_error("--boot and --share-system may not be combined.");
log_error("--boot and SYSTEMD_NSPAWN_SHARE_SYSTEM=1 may not be combined.");
return -EINVAL;
}
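Review bot: the error text now names only SYSTEMD_NSPAWN_SHARE_SYSTEM=1, but `--share-system` is still accepted by the option table in this same file, so a user who typed `--boot --share-system` is told about an environment variable they never set; either mention both sources or track which one set arg_share_system. The condition `arg_start_mode != START_PID1` is also true for --as-pid2, not only --boot (the man-page hunk above removes the matching "may not be combined with --share-system" sentence from the --as-pid2 entry as well), so the message should cover that case too, e.g. "--boot/--as-pid2 and ...".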