[systemd-devel] Users and system namespaces
Lennart Poettering
lennart at poettering.net
Fri Jan 24 09:35:30 PST 2014
On Fri, 24.01.14 11:27, Ben Boeckel (mathstuf at gmail.com) wrote:
>
> On Fri, Jan 24, 2014 at 11:07:18 +0100, Lennart Poettering wrote:
> > On Thu, 23.01.14 13:54, Ben Boeckel (mathstuf at gmail.com) wrote:
> > > As I mused on LWN[1] recently, I was wondering whether it was possible
> > > to have user units be able to hook into namespaces (namely the
> > > PrivateNetwork= and PrivateTmp= from systemd.exec(5) and more if other
> > > namespacing options are added in the future).
> >
> > What do you mean by "user units"? Those run off an unprivileged "systemd
> > --user" instance? Or those run off PID 1 but with User= set?
>
> systemd --user. Would it be possible to use User= to do this though from
> a system service?
Yeah, you can do a lot of stuff with User= since we only drop privs in
such a case pretty late, so you can actually set up namespaces and stuff
with full privileges...
Lennart
--
Lennart Poettering, Red Hat
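
The setup discussed in this thread, as an added example that is not part of the original message: a system unit (run by PID 1) that combines User= with PrivateNetwork= and PrivateTmp=. The unit name, the account `svcuser` and the command are assumptions chosen for illustration.

```ini
# /etc/systemd/system/ns-demo.service  (hypothetical unit name)
[Unit]
Description=Demo: namespaces set up before privileges are dropped

[Service]
Type=oneshot
# Assumed unprivileged account; replace with an existing user.
User=svcuser
# Both namespaces are created by PID 1 while it still has full
# privileges; the switch to the User= account happens afterwards.
PrivateNetwork=yes
PrivateTmp=yes
# Output goes to the journal: the user name, the interfaces visible
# in the network namespace (only "lo"), and the private /tmp contents.
ExecStart=/bin/sh -c 'id -un; cat /proc/net/dev; ls -A /tmp'
```

Start it with `systemctl start ns-demo.service` and read the result with `journalctl -u ns-demo.service`.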