On Mon, 02.03.15 09:17, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote:

>
> On 03/01/2015 10:41 PM, Michael DePaulo wrote:
> > Hi,
> >
> > I am developing a Dockerfile for X2Go. I intend to submit a PR to
> > fedora-Dockerfiles within a week.
> >
> > https://github.com/mikedep333/Fedora-Dockerfiles/tree/add-x2go
> >
> > (X2Go was already added in F20)
> > https://fedoraproject.org/wiki/Changes/X2Go
> >
> > Example Dockerfile with systemd:
> > https://github.com/fedora-cloud/Fedora-Dockerfiles/blob/master/systemd/apache/Dockerfile
> >
> > However, I would like to know if the Fedora project still recommends
> > that I use systemd, or if I should resort to using supervisord or a
> > shell script.
> >
> > I merely need to start sshd and x2gocleansessions. Both have systemd
> > unit files, but can be run via an init script too.
> >
> > When I do try systemd, I am experiencing known issues with cgroups and
> > with mounting /run, unless I run a privileged container. It has been a
> > while since there were any comments on the CLOSED NOTABUG bz on these
> > issues.
> > https://bugzilla.redhat.com/show_bug.cgi?id=1033604
> >
> > -Mike
> We are continuing to work on making running systemd within a container
> better.
> I am trying to get a /run on tmpfs patch to be acceptable upstream. But
> we still have a problem with systemd requiring /sys/fs/cgroup to be
> mounted inside the container to run. Which allows for an information leak.

You'd have to get the kernel changed for that "information leak" to be
fixed.

That said, containers on Linux are not really about security, the
whole thing has more holes than a swiss cheese. Maybe one day the
security holes can be fixed, but as of now, it's simply not secure. And
this "information leak" is certainly the least of your problems...

Lennart

--
Lennart Poettering, Red Hat