[systemd-devel] Notification socket and chroot vs PrivateNetwork conflict (abstract vs file-system)
lennart at poettering.net
Wed Dec 10 09:10:04 PST 2014
On Wed, 10.12.14 16:33, Krzysztof Kotlenga (k.kotlenga at sims.pl) wrote:
> On Tue, 2014-12-09 at 17:28 +0100, Lennart Poettering wrote:
> > On Tue, 09.12.14 16:24, Krzysztof Kotlenga (k.kotlenga at sims.pl) wrote:
> >> Currently notify socket is unavailable in chrooted services (again)
> >> unless you bind mount it there. Is there perhaps another, less
> >> cumbersome way?
> >> So far notify socket was:
> >> [snip change history]
> >> So... would it be acceptable to have two notify sockets, one
> >> abstract and one normal, the latter only set for services with
> >> PrivateNetwork or - better maybe - explicitly selectable? Any other
> >> ideas?
> > Hmm, but what would you do for a service that has both
> > PrivateNetwork and chroot enabled?
> Well, PrivateNetwork is clearly asking for trouble... A socket doesn't
> really look like a right tool for the job in this case. I know Unix
> signals were previously discarded in
> Dunno what's left.
AF_UNIX sockets in the file system namespace are unaffected from
PrivateNetwork= really. It's just the combination of file system
rearrangements and PrivateNetwork= that is the problem...
Lennart Poettering, Red Hat
More information about the systemd-devel