diff options
author | Lennart Poettering <lennart@poettering.net> | 2021-10-19 14:56:49 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-10-20 11:35:15 +0200 |
commit | 4a4654e0241fbeabecb8587fd3520b6b39264b9c (patch) | |
tree | 2e4366a646eb12e254fc631e344a832987aa27c6 /docs/ENVIRONMENT.md | |
parent | 231c7645ca761f0347c98fa48c68b3fde00fbc15 (diff) | |
download | systemd-4a4654e0241fbeabecb8587fd3520b6b39264b9c.tar.gz |
nspawn: add --suppress-sync=yes mode for turning sync() and friends into NOPs via seccomp
This is supposed to be used by package/image builders such as mkosi to
speed up building, since it allows us to suppress sync() inside a
container.
This does what Debian's eatmydata tool does, but for a container, and
via seccomp (instead of LD_PRELOAD).
Diffstat (limited to 'docs/ENVIRONMENT.md')
-rw-r--r-- | docs/ENVIRONMENT.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index 9a824820da..328934cd17 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md @@ -138,6 +138,12 @@ All tools: * `$SYSTEMD_NSPAWN_TMPFS_TMP=0` — if set, do not overmount `/tmp/` in the container with a tmpfs, but leave the directory from the image in place. +* `$SYSTEMD_SUPPRESS_SYNC=1` — if set, all disk synchronization syscalls are + blocked to the container payload (e.g. `sync()`, `fsync()`, `syncfs()`, …) + and the `O_SYNC`/`O_DSYNC` flags are made unavailable to `open()` and + friends. This is equivalent to passing `--suppress-sync=yes` on the + `systemd-nspawn` command line. + `systemd-logind`: * `$SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1` — if set, report that |