From 9236cabf78ae69119729923d434e2d7d56f10f82 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 12 Jul 2018 21:03:53 +0200 Subject: [PATCH] man: elaborate a bit on the effect of PrivateNetwork= Triggered by this thread: https://lists.freedesktop.org/archives/systemd-devel/2018-July/040992.html --- man/systemd.exec.xml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 23c9f5a458..ccf79b21d6 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1046,9 +1046,13 @@ BindReadOnlyPaths=/var/lib/systemd Defaults to false. It is possible to run two or more units within the same private network namespace by using the JoinsNamespaceOf= directive, see systemd.unit5 for - details. Note that this option will disconnect all socket families from the host, this includes AF_NETLINK and - AF_UNIX. The latter has the effect that AF_UNIX sockets in the abstract socket namespace will become - unavailable to the processes (however, those located in the file system will continue to be accessible). + details. Note that this option will disconnect all socket families from the host, including + AF_NETLINK and AF_UNIX. Effectively, for + AF_NETLINK this means that device configuration events received from + systemd-udevd.service8 are + not delivered to the unit's processes. And for AF_UNIX this has the effect that + AF_UNIX sockets in the abstract socket namespace of the host will become unavailable to + the unit's processes (however, those located in the file system will continue to be accessible). Note that the implementation of this setting might be impossible (for example if network namespaces are not available), and the unit should be written in a way that does not solely rely on this setting for
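Review bot: "this option will disconnect all socket families from the host" in the rewritten lines is broader than the rest of the paragraph supports: the same passage says AF_UNIX sockets located in the file system remain accessible, so it is not a socket family that gets disconnected but the host's network namespace, with per-family consequences. Consider "this option detaches the unit from the host's network namespace, which affects all socket families, including AF_NETLINK and AF_UNIX", and then keep the two per-family explanations as they are. Minor style point on the same lines: "And for AF_UNIX this has the effect that ..." starts a sentence with a conjunction; fold it into the preceding sentence, e.g. "... are not delivered to the unit's processes, and for AF_UNIX it has the effect that ...". The udev example is a good concrete case, but it reads as if udev were the only thing affected; a half-sentence stating the general rule it illustrates (an AF_NETLINK socket opened inside the private namespace only sees that namespace, so no host-side netlink traffic reaches the unit's processes) would make the udev remark an example rather than the whole story.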