nspawn: add --suppress-sync=yes mode for turning sync() and friends into NOPs via seccomp

This is supposed to be used by package/image builders such as mkosi to speed up building, since it allows us to suppress sync() inside a container. This does what Debian's eatmydata tool does, but for a container, and via seccomp (instead of LD_PRELOAD).
author: Lennart Poettering <lennart@poettering.net> 2021-10-19 14:56:49 +0200
committer: Lennart Poettering <lennart@poettering.net> 2021-10-20 11:35:15 +0200
commit: 4a4654e0241fbeabecb8587fd3520b6b39264b9c (patch)
tree: 2e4366a646eb12e254fc631e344a832987aa27c6 /docs/ENVIRONMENT.md
parent: 231c7645ca761f0347c98fa48c68b3fde00fbc15 (diff)
download: systemd-4a4654e0241fbeabecb8587fd3520b6b39264b9c.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index 9a824820da..328934cd17 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -138,6 +138,12 @@ All tools:
 * `$SYSTEMD_NSPAWN_TMPFS_TMP=0` — if set, do not overmount `/tmp/` in the
   container with a tmpfs, but leave the directory from the image in place.
 
+* `$SYSTEMD_SUPPRESS_SYNC=1` — if set, all disk synchronization syscalls are
+  blocked to the container payload (e.g. `sync()`, `fsync()`, `syncfs()`, …)
+  and the `O_SYNC`/`O_DSYNC` flags are made unavailable to `open()` and
+  friends. This is equivalent to passing `--suppress-sync=yes` on the
+  `systemd-nspawn` command line.
+
 `systemd-logind`:
 
 * `$SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1` — if set, report that
author	Lennart Poettering <lennart@poettering.net>	2021-10-19 14:56:49 +0200
committer	Lennart Poettering <lennart@poettering.net>	2021-10-20 11:35:15 +0200
commit	4a4654e0241fbeabecb8587fd3520b6b39264b9c (patch)
tree	2e4366a646eb12e254fc631e344a832987aa27c6 /docs/ENVIRONMENT.md
parent	231c7645ca761f0347c98fa48c68b3fde00fbc15 (diff)
download	systemd-4a4654e0241fbeabecb8587fd3520b6b39264b9c.tar.gz