The isolation is not fully cgroup based, also cgroups require/prefer a single manager, this is going to be enforced in kernel someday, so it is better for init to do it as it is a parent of everything.
PrivateTmp uses namespaces, so it is a real isolation. Same with PrivateNetwork, ProtectSystem, etc. I do not say that you cannot do this from script, but you would have to make cmdline utilities for some of those things, so it is currently not possible.

On 09.02.2016 at 17:34, Guus Snijders wrote:
> On 9 Feb. 2016 17:27, "Michał Zegan" <webczat_200@xxxxxxxxxxxxxx> wrote:
>>
>> A note about using shell scripts in systemd: Who said you can't?
>> And I don't talk about systemd's init.d compatibility that is
>> disabled in arch. Although you have to write unit files, you can
>> start scripts, so you do not really lose flexibility. Also
>> systemd's isolation capabilities are superior, there are some
>> things you currently cannot do from scripts, like PrivateTmp=yes
>> and stuff.
>
> Isolation is AFAIK based on cgroups, not the easiest subject, but
> certainly not impossible to implement.
>
> PrivateTmp: Does that do more than setting $TEMP to a custom value?
>
> I'm just being curious here.
>
> Kind regards, Guus Snijders
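
The difference the thread turns on (a private namespace versus a changed temp-directory variable) can be checked from outside the service. The following is an added example, not part of either message: it compares a process's mount and network namespace links under /proc with those of a reference process (PID 1 by default). The function names, the `PROC_ROOT` override and the unit name `example.service` are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which namespaces a service process shares with a
# reference process. A service that only had its temp-dir variable changed
# still shows mnt=shared; one started with PrivateTmp=yes shows mnt=private.

# PROC_ROOT is an assumption of this example so the check can be pointed at
# a constructed tree; on a live system it stays /proc (root is needed to
# read the namespace links of PID 1).
PROC_ROOT=${PROC_ROOT:-/proc}

# ns_id PID TYPE -> namespace identifier such as "mnt:[4026531840]",
# or an empty string when the link cannot be read.
ns_id() {
    readlink "$PROC_ROOT/$1/ns/$2" 2>/dev/null || true
}

# ns_state PID TYPE [REF_PID] -> private | shared | unknown
ns_state() {
    svc=$(ns_id "$1" "$2")
    ref=$(ns_id "${3:-1}" "$2")
    if [ -z "$svc" ] || [ -z "$ref" ]; then
        echo unknown
    elif [ "$svc" = "$ref" ]; then
        echo shared
    else
        echo private
    fi
}

# isolation_report PID [REF_PID]: one line per namespace type.
# mnt is the namespace PrivateTmp= and ProtectSystem= act on,
# net is the one PrivateNetwork= acts on.
isolation_report() {
    for t in mnt net; do
        printf '%s=%s\n' "$t" "$(ns_state "$1" "$t" "${2:-1}")"
    done
}

# Live use (unit name is a placeholder):
#   sh nscheck.sh "$(systemctl show -p MainPID --value example.service)"
if [ "$#" -ge 1 ]; then
    isolation_report "$@"
fi
```
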