
PrivateMounts setting

The property PrivateMounts is a systemd unit setting used for sandboxing. It has been available since systemd 239.

Purpose: provides a separate mount namespace to the service

Why and when to use PrivateMounts

Systemd has the unit setting PrivateMounts to provide the service with a private mount namespace. Only the service sees this view of the mount points, and mounts made inside it are not propagated to the host or to other services on the same host. Mount points visible on the host are still propagated to the service, though.

Generic advice

This option can be useful, but it is typically not needed if one or more of the following settings is already configured.

Values

Systemd unit setting PrivateMounts expects a boolean (yes/no or true/false).

Values for systemd unit setting PrivateMounts
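| Value | Intended action | Available since (systemd version) |
|-------|-----------------|-----------------------------------|
| no | Normal access to mount points (default) | 239 |
| yes | Provides a mount namespace to the service that is not propagated back to the host | 239 |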

Example to show the current value of PrivateMounts for the ssh service:

systemctl show --property=PrivateMounts ssh.service
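
To check the effect on a running service rather than only the configured value, the following added example (not part of the original article) compares the mount namespace and the peer group IDs in /proc/<pid>/mountinfo for the host and the service. The function names and the two sample lines are constructed for illustration, and check_unit must run as root to read /proc/1.

```shell
#!/bin/sh
# Added example: classify mount propagation between host and service
# from two /proc/<pid>/mountinfo files.

# peer_id FILE MOUNT_POINT TAG
# Prints N from the optional field "TAG:N" (TAG is shared or master) of the
# last mount listed at MOUNT_POINT; prints nothing when the tag is absent.
# Optional fields sit between field 6 and the "-" separator, see proc(5).
peer_id() {
    awk -v mp="$2" -v tag="$3:" '
        $5 == mp {
            id = ""
            for (i = 7; i <= NF && $i != "-"; i++)
                if (index($i, tag) == 1) id = substr($i, length(tag) + 1)
        }
        END { print id }
    ' "$1"
}

# propagation HOST_MOUNTINFO SERVICE_MOUNTINFO [MOUNT_POINT]
#   two-way          same peer group: service mounts reach the host
#   host-to-service  service mount is a slave of the host's peer group
#   isolated         no propagation link between the two mounts
propagation() {
    mp="${3:-/}"
    host_shared=$(peer_id "$1" "$mp" shared)
    svc_shared=$(peer_id "$2" "$mp" shared)
    svc_master=$(peer_id "$2" "$mp" master)
    if [ -n "$host_shared" ] && [ "$host_shared" = "$svc_shared" ]; then
        echo two-way
    elif [ -n "$host_shared" ] && [ "$host_shared" = "$svc_master" ]; then
        echo host-to-service
    else
        echo isolated
    fi
}

# check_unit UNIT: compare a running unit against PID 1 (run as root).
check_unit() {
    pid=$(systemctl show --property=MainPID --value "$1")
    [ "${pid:-0}" -gt 0 ] || { echo "$1: not running" >&2; return 1; }
    if [ "$(readlink /proc/1/ns/mnt)" = "$(readlink "/proc/$pid/ns/mnt")" ]; then
        echo "$1: shares the host mount namespace"
    else
        echo "$1: own namespace, propagation: $(propagation /proc/1/mountinfo "/proc/$pid/mountinfo")"
    fi
}
# Constructed sample lines (not captured from a real host) for offline use.
HOST_SAMPLE='25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw'
SVC_SAMPLE='310 309 8:1 / / rw,relatime shared:250 master:1 - ext4 /dev/sda1 rw'
```

After sourcing the file, run check_unit ssh.service as root. A unit with PrivateMounts=yes should report its own namespace with host-to-service propagation, matching the behaviour described above.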

Frequently Asked Questions

How to use systemctl edit?

Run systemctl with the 'edit' subcommand followed by the name of the service.

systemctl edit UNIT.service

See full answer at How to use systemctl edit to change a service?


This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.
