[systemd-devel] Question for Private* options in systemd.exec
Sungbae Yoo
sungbae.yoo at samsung.com
Tue Nov 24 23:58:36 PST 2015
> systemd services are not supposed to be a container environment. Hence
> they only expose namespacing options that slightly rearrange things,
> take rights away and suchlike but do not make structural changes to the
> whole system, they don't create a completely new virtualized machine
> for the service. For that kind of stuff use systemd-nspawn.
Actually I don't want a fully virtualized machine.
> What precisely would the usecase be for that?
OK, I want to put several services into a small sandbox, which doesn't allow
communication between inside and outside (such as IPC and network).
Namespaces are useful to make this kind of sandbox.
I think user-session services are good to apply this sandbox in my system.
So I tried to put user-session into namespaces.
The net namespace is easy, because I only have to put 'PrivateNetwork=yes' in the user@.service file.
But I have no idea how I could use the other namespaces.
Best regards,
Sungbae Yoo