SystemD supports this through RootDirectory:
RootDirectory=
Takes a directory path relative to the host's root directory (i.e. the root of the system running the service manager). Sets the root directory for executed processes, with the chroot(2) system call. If this is used, it must be ensured that the process binary and all its auxiliary files are available in the chroot() jail. Note that setting this parameter might result in additional dependencies to be added to the unit (see above).

The MountAPIVFS= and PrivateUsers= settings are particularly useful in conjunction with RootDirectory=.
APIVFS is probably the most useful:
Takes a boolean argument. If on, a private mount namespace for the unit's processes is created and the API file systems /proc, /sys, and /dev are mounted inside of it, unless they are already mounted
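
A unit file combining the three settings quoted above, as an added example that is not part of the original answer or the systemd documentation. The unit name, the /srv/jail/myapp tree, the binary path and the myapp user are assumptions.

```ini
# /etc/systemd/system/myapp.service  (hypothetical unit name and paths)
[Unit]
Description=Example service confined to a chroot via RootDirectory=

[Service]
# Path on the host that becomes "/" for the service's processes.
# The binary, its shared libraries and its data files must already
# exist under this tree.
RootDirectory=/srv/jail/myapp

# Resolved inside RootDirectory=, i.e. /srv/jail/myapp/usr/bin/myapp on the host.
ExecStart=/usr/bin/myapp

# Private mount namespace with /proc, /sys and /dev mounted inside the
# new root, so the service does not need bind mounts set up by hand.
MountAPIVFS=yes

# Separate user namespace: root and the service's own user are mapped,
# every other host user and group appears as "nobody".
PrivateUsers=yes

# Hypothetical unprivileged account the service runs as.
User=myapp

[Install]
WantedBy=multi-user.target
```

Running `systemd-analyze verify myapp.service` checks the unit for errors before it is started.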