docs: add comment about requiring the mount hierarchy to be mounted MS_SHARED

This has been tripping up container manager people. let's document this explicitly. (Note that the container interface could really use some updates, i.e. it was written before a time where cgroup namespacing was a thing. But I am too lazy to fix that now, so let's just add this once facet.)
2026-04-14 00:14:32 +09:00 · 2025-11-01 22:21:32 +01:00
parent ee3cd7890d
commit 32f4e30be5
1 changed files with 6 additions and 0 deletions
--- a/docs/CONTAINER_INTERFACE.md
+++ b/docs/CONTAINER_INTERFACE.md
@@ -86,6 +86,12 @@ manager, please consider supporting the following interfaces.
   confuse systemd and the admin, but also prevent your implementation from
   being "stackable".

+8. The mount hierarchy of the container should be mounted `MS_SHARED` before
+   invoking `systemd` as PID 1. Things will break at various places if this is
+   not done. Note that of course it's OK if the mounts are first marked
+   `MS_PRIVATE`/`MS_SLAVE` (to disconnect propagation at least partially) as
+   long as they are remounted `MS_SHARED` before `systemd` is invoked.
+
 ## Environment Variables

 1. To allow systemd (and other programs) to identify that it is executed within