Op 9 feb. 2016 17:52 schreef "Damjan Georgievski" <gdamjan@xxxxxxxxx>: > > On 9 February 2016 at 17:34, Guus Snijders <gsnijders@xxxxxxxxx> wrote: > > Op 9 feb. 2016 17:27 schreef "Michał Zegan" <webczat_200@xxxxxxxxxxxxxx >: > >> > > > >> Although you have to write > >> unit files, you can start scripts, so you do not really lose > >> flexibility. Also systemd's isolation capabilities are superior, there > >> are some things you currently cannot do from scripts, like > >> PrivateTmp=yes and stuff. > > > > Isolation is AFAIK based on cgroups, not the easiest subject, but certainly > > not impossible to implement. > > not impossible, if you reimplement systemd :) ;) > > PrivateTmp: Does that more then setting $TEMP to a custom value? > > > > I'm just being curious here. > > yes, it creates a filesystem/mount namespace for the process(es) and mount's a > /tmp/systemd-private-xxxx/ directory as /tmp. from the point of view > of the process it will never see > anything else from the outer /tmp Ok, that is a nice trick. Mvg, Guus Snijders
