On Thu, Mar 3, 2022 at 8:24 AM Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:
badly. One good example for that is crond: you never know what cron
jobs intend to do, hence you cannot sandbox crond as a whole
reasonably. Moreover, runtime matters: short-lived stuff is much less
I've also run into another complication with sandboxed units: using the 'normal' override processes to, for example, add one or two ExecStartPre commands to a service means that those commands will *also* be run in the sandboxed environment. The solution of course is to put those into their own service unit and setup proper dependencies so that they will be run at the proper time, but it can definitely surprise the user (it certainly surprised me).
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure