[systemd-devel] graphical sessions inherits display-maanger only partly
Mantas Mikulėnas
grawity at gmail.com
Tue Jan 22 14:40:16 UTC 2019
On Tue, Jan 22, 2019 at 3:52 PM Reindl Harald <h.reindl at thelounge.net>
wrote:
>
>
> Am 22.01.19 um 08:12 schrieb Mantas Mikulėnas:
> > On Tue, Jan 22, 2019 at 3:46 AM Reindl Harald <h.reindl at thelounge.net
> > <mailto:h.reindl at thelounge.net>> wrote:
> >
> >
> > "ProtectSystem=full" with the setup below just works, "su -" in a
> > konsole within the graphical session don't gain write permissions
> >
> > Tasks: 4
> > why?
> >
> > shouldn't everything started after the graphical login interherit any
> > settings from teh display-manager service and run under it's cgroup?
> >
> >
> > No, one of the first things done during login is to create a new logind
> > session with associated cgroup (under user.slice) and move your process
> > into it.
>
> so that ProtectSystem and FS namespaces are properly interhited is more
> luck than by design?
>
Namespaces are not cgroup parameters.
I don't think namespacing a user-login service was ever part of the
design...
--
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20190122/62638bde/attachment.html>
More information about the systemd-devel
mailing list