I rebased the wip-user patches from wip-selinux-policy onto wip-selinux-policy-no-user + merge to master so that it sits on top of the newly-merged systemd changes.

Notes/issues:

- ceph-osd-prestart.sh verifies that the osd_data dir is owned by either 'root' or 'ceph' or else it exits with an error. (Presumably systemd will fail to start the unit in this case.) It prints a helpful message pointing the user at 'ceph-disk chown ...'.

- 'ceph-disk chown ...' is not implemented yet. Should it take the base device, like activate and prepare? Or a mounted path? Or either?

- Currently ceph-osd@.service unconditionally passes --setuser ceph to ceph-osd... even if the data directory is owned by root. I don't think systemd is smart enough to do this conditionally unless we make an ugly wrapper script that starts ceph-osd. Alternatively, we could make ceph-osd conditionally do the setuid based on the ownership of the directory, but... meh. The idea was to do the setuid *very* early in the startup process so that logging and so on are opened as the ceph user. Ideas?

I think that's it right now...

https://github.com/ceph/ceph/commits/wip-user

sage
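
Added example (not part of the original message and not code from the ceph tree): a sketch of the wrapper-script option raised above, which picks '--setuser ceph' from the ownership of the data directory and refuses any owner other than 'root' or 'ceph'. The function names are hypothetical and all other ceph-osd arguments are omitted.

```shell
#!/bin/sh
# Illustration only; dir_owner, setuser_args and osd_launch_cmd are
# hypothetical names, not part of ceph.

# Print the owning user of a path (numeric uid if the uid has no name).
dir_owner() {
    # ls -ld is POSIX; the third field is the owner.
    ls -ld -- "$1" 2>/dev/null | awk 'NR==1 {print $3}'
}

# Map a data-dir owner to the privilege-drop arguments for ceph-osd.
#   ceph -> "--setuser ceph"  (drop privileges early in startup)
#   root -> ""                (directory not chowned yet, stay root)
#   else -> fail, mirroring the prestart ownership check
setuser_args() {
    case "$1" in
        ceph) echo "--setuser ceph" ;;
        root) echo "" ;;
        *)    return 1 ;;
    esac
}

# Print the command line to exec for one OSD data directory.
# Returns 2 if the directory cannot be inspected, 1 on an unexpected owner.
osd_launch_cmd() {
    data_dir=$1
    owner=$(dir_owner "$data_dir")
    if [ -z "$owner" ]; then
        echo "cannot determine owner of $data_dir" >&2
        return 2
    fi
    if ! args=$(setuser_args "$owner"); then
        echo "$data_dir is owned by '$owner', expected 'root' or 'ceph'" >&2
        return 1
    fi
    # $args is deliberately unquoted: it is either empty or two words.
    echo ceph-osd $args
}

# Stand-alone use: print the decision for a directory given as $1.
if [ "$#" -gt 0 ]; then
    osd_launch_cmd "$1"
fi
```

Failing closed on an unexpected owner keeps the daemon from starting as root over a directory some other account can write to.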