[systemd-devel] [HEADSUP] systemd-222 around the corner
Dominick Grift
dac.override at gmail.com
Tue Jul 7 02:33:08 PDT 2015
On Tue, Jul 07, 2015 at 09:56:45AM +0100, Richard Maw wrote:
> On Tue, Jul 07, 2015 at 09:25:21AM +0300, Andrei Borzenkov wrote:
> > On Tue, Jul 7, 2015 at 9:02 AM, Dominick Grift <dac.override at gmail.com> wrote:
> > > Would be nice if anyone could at least confirm or deny this issue that I've identified in systemd-nspawn since v220:
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1232371
> > >
> > > Containers that rely on that functionality stopped working for me since v220
> >
> > Ddi you open github issue for that?
>
> I did. https://github.com/systemd/systemd/issues/475
>
> I've got a local fix with https://github.com/systemd/systemd/pull/483,
> but it's pending discussion with Dan Walsh about whether this should be
> the fix, and https://github.com/systemd/systemd/pull/500 would make the
> work-around cleaner.
I do not see why this needs walsh' input. This setexeccon() functionality is implemented all over the place (svirt, selinux-sandbox etc). If it would be compelling to deal with that in either libselinux or glibc then it probably would have been dealth with there already.
--
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 648 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150707/bafc6972/attachment.sig>
More information about the systemd-devel
mailing list