Re: unsafe systemd setup in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 3, 2022 at 8:24 AM Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:

badly. One good example for that is crond: you never know what cron
jobs intend to do, hence you cannot sandbox crond as a whole
reasonably. Moreover, runtime matters: short-lived stuff is much less


I've also run into another complication with sandboxed units: using the 'normal' override processes to, for example, add one or two ExecStartPre commands to a service means that those commands will *also* be run in the sandboxed environment. The solution of course is to put those into their own service unit and setup proper dependencies so that they will be run at the proper time, but it can definitely surprise the user (it certainly surprised me).
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux