[systemd-devel] Why does nspawn check if in a user session?
Luke Shumaker
lukeshu at lukeshu.com
Thu Sep 14 04:55:56 UTC 2017
Hi all,
I have another question about `systemd-nspawn` internals.
When sanity-checking argv, it does:
if (arg_keep_unit && arg_register && cg_pid_get_owner_uid(0, NULL) >= 0) {
log_error("--keep-unit --register=yes may not be used when invoked from a user session.");
return -EINVAL;
}
(the `&& arg_register` bit was added in 234)
Why does nspawn care if it is in a user session?
My best guess is that it doesn't want to share its cgroup with any
other processes, and it is using user session membership as a sloppy
proxy for that. If that's the case, wouldn't it be more correct and
robust to check for other processes in
"/sys/fs/cgroup/.../cgroup.procs"?
--
Happy hacking,
~ Luke Shumaker
More information about the systemd-devel
mailing list