[systemd-devel] logind vs CAP_SYS_ADMIN-lessness
David Herrmann
dh.herrmann at gmail.com
Fri Jan 23 03:09:58 PST 2015
Hi
On Thu, Jan 22, 2015 at 3:53 PM, Christian Seiler <christian at iwakd.de> wrote:
> [1] Note that the only other issue I stumbled upon has now been fixed,
> so in general I would say that systemd already works really well
> in containers without CAP_SYS_ADMIN if you know how to set them
> up properly.
Just as a heads-up: The device-delegation API
(src/logind/logind-session-device.c) will also fail if you run without
CAP_SYS_ADMIN. Admittedly, DRM and input devices usually don't matter
in containers, so it's fine. But on main systems, we really need
CAP_SYS_ADMIN.
Thanks
David