[systemd-devel] We are working on Secure Container Applications.

"Jóhann B. Guðmundsson" johannbg at gmail.com
Mon Jan 9 15:26:17 PST 2012


On 01/09/2012 09:42 PM, Daniel J Walsh wrote:
> The idea is to run multiple instances of the same application within a
> container.  For example multiple Apache servers.
>
> I am working on a tool to create these containers, which will create a
> service unit file.
>
> # virt-sandbox-service create -e /usr/sbin/httpd httpd_sanbox
> Created container dir /var/lib/libvirt/filesystems/httpd_sanbox
> Created sandbox config /etc/libvirt-sandbox/httpd_sanbox.sandbox
> Created unit file /etc/systemd/system/httpd_sanbox.service
>
> One problem we see with this is when the httpd program gets updated,
> it runs a systemctl reload httpd.service, to cause the httpd service
> to restart.  We would like to get this reload command from systemd
> also.
>
> What do you guys think of adding something like the following to the
> service unit?
>
> ReloadRequest: httpd.service
>
> Then anyone asking to reload the httpd.service would also cause the
> httpd_sandbox.service to get the reload.

Hum, should that not happen automatically when you BindTo a unit, as in if 
you automatically start/reload/restart/stop a bound unit it would also 
start/reload/restart/stop the unit(s) it's bound to?

So the httpd_sandbox.service should just be bound to the httpd.service.

If that's broken I would rather think it should be fixed as opposed to 
adding another switch.

JBG


