[systemd-devel] [PATCH 2/7] Give the user permissions to their session's cgroup

Lennart Poettering lennart at poettering.net
Tue Dec 10 12:55:49 PST 2013


On Sun, 01.12.13 21:25, Hristo Venev (hristo at venev.name) wrote:

> User is given permissions to their user@*.service cgroup so that user mode
> systemd can run. session-*.scope cgroup permissions are required for
> session mode.

Passing ownership to the cgroup tree is explicitly something that we
should be very careful with. Delegation may happen (as mentioned
elsewhere) between systemd instances, but we should keep it at a
minimum, as the kernel support for delegating to users might eventually
go away entirely.

This is why the delegation is currently hidden between that PAM session
check: we only want it for user@.service, but nothing else.

Lennart

-- 
Lennart Poettering, Red Hat

