[systemd-devel] Why does nspawn check if in a user session?

Luke Shumaker lukeshu at lukeshu.com
Thu Sep 14 04:55:56 UTC 2017


Hi all,

I have another question about `systemd-nspawn` internals.

When sanity-checking argv, it does:

        if (arg_keep_unit && arg_register && cg_pid_get_owner_uid(0, NULL) >= 0) {
                log_error("--keep-unit --register=yes may not be used when invoked from a user session.");
                return -EINVAL;
        }

  (the `&& arg_register` bit was added in 234)

Why does nspawn care if it is in a user session?

My best guess is that it doesn't want to share its cgroup with any
other processes, and it is using user session membership as a sloppy
proxy for that.  If that's the case, wouldn't it be more correct and
robust to check for other processes in
"/sys/fs/cgroup/.../cgroup.procs"?

-- 
Happy hacking,
~ Luke Shumaker
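
The check proposed in the message above, sketched as an added example; it is not part of the original post and is not systemd code. It assumes the unified (cgroup v2) hierarchy is mounted at /sys/fs/cgroup, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Find the "0::<path>" (cgroup v2) entry in a /proc/<pid>/cgroup stream. */
static int cgroup_v2_path(FILE *f, char *out, size_t outsz) {
        char line[4096];
        while (fgets(line, sizeof line, f)) {
                if (strncmp(line, "0::", 3) != 0)
                        continue;       /* legacy controller line, skip */
                line[strcspn(line, "\n")] = '\0';
                if (strlen(line + 3) >= outsz)
                        return -1;
                strcpy(out, line + 3);
                return 0;
        }
        return -1;                      /* no unified hierarchy entry */
}

/* Count the PIDs in a cgroup.procs stream that are not `self`. */
static int count_other_procs(FILE *f, long self) {
        long pid;
        int others = 0;
        while (fscanf(f, "%ld", &pid) == 1)
                if (pid != self)
                        others++;
        return feof(f) ? others : -1;   /* -1: unparsable entry */
}

/* Assumption: cgroup v2 mounted at /sys/fs/cgroup. The count is only a
 * snapshot; another process can join the cgroup right after the read. */
int main(void) {
        char cg[4096], path[4200];
        FILE *f = fopen("/proc/self/cgroup", "r");
        if (!f || cgroup_v2_path(f, cg, sizeof cg) < 0)
                return 1;
        fclose(f);
        snprintf(path, sizeof path, "/sys/fs/cgroup%s/cgroup.procs", cg);
        if (!(f = fopen(path, "r")))
                return 1;
        printf("%s: %d other process(es)\n", path, count_other_procs(f, (long) getpid()));
        fclose(f);
        return 0;
}
```

A non-zero count means the caller shares its cgroup with other processes, whether or not it is in a user session.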

