[systemd-devel] Compiling in a sandbox

Ozan Çağlayan ozan at pardus.org.tr
Thu Jul 8 13:26:20 PDT 2010


On 08.07.2010 22:57, Lennart Poettering wrote:
> On Thu, 08.07.10 19:11, Ozan Çağlayan (ozan at pardus.org.tr) wrote:

>>
>> Note that this is built as root too.
> 
> Don't build this as root, please.
> 
> Lennart
> 

But hey, I know that it's not good, preferable, or safe to build packages as root, *but* that's what we have been doing as a distribution for 5 years. We know that we have to fix this, but really, what is the thing that prevents me from building systemd as root? Do we really need to mount the cgroup stuff over /? You previously said that this will go away with the released tarballs. If it's something like a check of what kind of cgroup facilities are available, can't that be mounted under a given mount point or under /tmpfs?

And I don't really get the logic of creating a folder in / and mounting something under it if I am root and not doing that if I am not. Is systemd trying to mount /cgroup because it thinks that being run as root means that it'll really be doing its real stuff? If yes, is it too difficult to add a parameter like --dry-run which won't forcibly mount that /cgroup thing? This way the build system can pass --dry-run to avoid violating the sandbox.

That's the only barrier for us to package and deploy systemd in our upcoming 2011 release.

Regards,
Ozan Caglayan

