author | Lennart Poettering <lennart@poettering.net> | 2021-10-19 14:56:49 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-10-20 11:35:15 +0200 |
commit | 4a4654e0241fbeabecb8587fd3520b6b39264b9c (patch) | |
tree | 2e4366a646eb12e254fc631e344a832987aa27c6 /man/systemd-nspawn.xml | |
parent | 231c7645ca761f0347c98fa48c68b3fde00fbc15 (diff) | |
download | systemd-4a4654e0241fbeabecb8587fd3520b6b39264b9c.tar.gz |
nspawn: add --suppress-sync=yes mode for turning sync() and friends into NOPs via seccomp

This is supposed to be used by package/image builders such as mkosi to
speed up building, since it allows us to suppress sync() inside a
container.

This does what Debian's eatmydata tool does, but for a container, and
via seccomp (instead of LD_PRELOAD).
Diffstat (limited to 'man/systemd-nspawn.xml')
-rw-r--r-- | man/systemd-nspawn.xml | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index e84ac6ae42..aec0b0e129 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -570,6 +570,24 @@ before sending its own to systemd. For more details about notifications see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para></listitem> </varlistentry> + + <varlistentry> + <term><option>--suppress-sync=</option></term> + + <listitem><para>Expects a boolean argument. If true, turns off any form of on-disk file system + synchronization for the container payload. This means all system calls such as <citerefentry + project='man-pages'><refentrytitle>sync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, + <function>fsync()</function>, <function>syncfs()</function>, … will execute no operation, and the + <constant>O_SYNC</constant>/<constant>O_DSYNC</constant> flags to <citerefentry + project='man-pages'><refentrytitle>open</refentrytitle><manvolnum>2</manvolnum></citerefentry> and + related calls will be made unavailable. This is potentially dangerous, as assumed data integrity + guarantees to the container payload are not actually enforced (i.e. data assumed to have been written + to disk might be lost if the system is shut down abnormally). However, this can dramatically improve + container runtime performance – as long as these guarantees are not required or desirable, for + example because any data written by the container is of temporary, redundant nature, or just an + intermediary artifact that will be further processed and finalized by a later step in a + pipeline. Defaults to false.</para></listitem> + </varlistentry> </variablelist> </refsect2><refsect2> |
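Review bot: In the new `--suppress-sync=` entry, the phrase "will be made unavailable" does not say what a payload that passes `O_SYNC`/`O_DSYNC` to open() actually observes: whether the call fails (and with which errno) or the flag is silently ignored. Software can react very differently to a failed open than to a quietly weakened one, so the text should state the behaviour explicitly. In the same sentence, "will execute no operation" should say what the suppressed calls return to the caller, and the "…" after `syncfs()` would be better replaced by the full list of affected calls, so a reader deciding whether the option is safe for a given payload can tell whether a particular call is covered.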