[systemd-devel] Device cgroups for user systemd scopes
Alexander Larsson
alexl at redhat.com
Wed Mar 4 09:50:04 PST 2015
The user instance of systemd does not seem to apply the DevicePolicy for
scopes. I.e. I can run:

$ systemd-run --user --scope --property=DevicePolicy=strict glxgears
Running as unit run-994.scope.
... runs fine, should fail to use DRI ...
$ cat /run/user/1000/systemd/user/run-994.scope.d/50-DevicePolicy.conf
[Scope]
DevicePolicy=strict
$ cat /proc/994/cgroup
10:hugetlb:/
9:perf_event:/
8:blkio:/
7:net_cls,net_prio:/
6:freezer:/
5:devices:/user.slice
4:memory:/user.slice
3:cpu,cpuacct:/
2:cpuset:/
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/run-994.scope

This is with systemd-216-20.fc21.x86_64 from Fedora 21 under gnome.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
He's a world-famous Republican sorceror with a mysterious suitcase
handcuffed to his arm. She's a cynical hip-hop politician from the wrong
side of the tracks. They fight crime!
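
Added example, not part of the original message and not systemd code: a small check over /proc/<pid>/cgroup that reports whether a process has its own cgroup in the v1 "devices" hierarchy or only inherits an ancestor's, which is the symptom visible in the listing above. It assumes the cgroup v1 layout shown in the message; the function names are made up for this example.

```python
"""Report where a process sits in the cgroup v1 "devices" hierarchy."""

# /proc/994/cgroup as quoted in the message ("@" restored in the unit name).
SAMPLE_FROM_POST = """\
10:hugetlb:/
9:perf_event:/
8:blkio:/
7:net_cls,net_prio:/
6:freezer:/
5:devices:/user.slice
4:memory:/user.slice
3:cpu,cpuacct:/
2:cpuset:/
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/run-994.scope
"""

# Constructed for comparison: the devices hierarchy follows the unit path.
SAMPLE_CONSTRUCTED = """\
5:devices:/system.slice/example.service
1:name=systemd:/system.slice/example.service
"""


def parse_proc_cgroup(text):
    """Map controller name -> cgroup path (line format: id:controllers:path)."""
    paths = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _hier_id, controllers, path = line.split(":", 2)
        for name in controllers.split(","):
            paths[name] = path
    return paths


def devices_cgroup_status(text):
    """Return (status, devices_path); status is own-cgroup, inherited or unknown."""
    paths = parse_proc_cgroup(text)
    unit = paths.get("name=systemd")
    devices = paths.get("devices")
    if unit is None or devices is None:
        # No v1 devices hierarchy listed (e.g. a cgroup v2 "0::/path" line only).
        return ("unknown", devices)
    # Device rules live in the cgroup named by devices_path; if that is not the
    # unit's own cgroup, no per-unit device list exists for this process.
    return ("own-cgroup" if devices == unit else "inherited", devices)


if __name__ == "__main__":
    print(devices_cgroup_status(SAMPLE_FROM_POST))
```

For the listing in the message the result is "inherited" with the path /user.slice, so any device rules in effect are those of /user.slice rather than of run-994.scope.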