[systemd-devel] logind vs CAP_SYS_ADMIN-lessness

David Herrmann dh.herrmann at gmail.com
Fri Jan 23 03:09:58 PST 2015


On Thu, Jan 22, 2015 at 3:53 PM, Christian Seiler <christian at iwakd.de> wrote:
> [1] Note that the only other issue I stumbled upon has now been fixed,
>     so in general I would say that systemd already works really well
>     in containers without CAP_SYS_ADMIN if you know how to set them
>     up properly.

Just as a heads-up: The device-delegation API
(src/logind/logind-session-device.c) will also fail if you run without
CAP_SYS_ADMIN. Admittedly, DRM and input devices usually don't matter
in containers, so it's fine. But on main systems, we really need


More information about the systemd-devel mailing list