Re: [systemd-devel] What makes systemd-nspawn "not suitable for secure container setups"?

2011-04-22 Thread microcai
On 2011-04-23 12:16, Josh Triplett wrote: > On Sat, Apr 23, 2011 at 11:28:58AM +0800, microcai wrote: >> On 2011-04-23 10:55, Josh Triplett wrote: >>> The systemd-nspawn manpage lists the various mechanisms used to isolate >>> the container, and then says "N

Re: [systemd-devel] What makes systemd-nspawn "not suitable for secure container setups"?

2011-04-22 Thread Josh Triplett
On Sat, Apr 23, 2011 at 11:28:58AM +0800, microcai wrote: > On 2011-04-23 10:55, Josh Triplett wrote: > > The systemd-nspawn manpage lists the various mechanisms used to isolate > > the container, and then says "Note that even though these security > > precautions are taken systemd-nspawn is not suita

Re: [systemd-devel] What makes systemd-nspawn "not suitable for secure container setups"?

2011-04-22 Thread microcai
On 2011-04-23 10:55, Josh Triplett wrote: > The systemd-nspawn manpage lists the various mechanisms used to isolate > the container, and then says "Note that even though these security > precautions are taken systemd-nspawn is not suitable for secure > container setups. Many of the security features m

[systemd-devel] What makes systemd-nspawn "not suitable for secure container setups"?

2011-04-22 Thread Josh Triplett
The systemd-nspawn manpage lists the various mechanisms used to isolate the container, and then says "Note that even though these security precautions are taken systemd-nspawn is not suitable for secure container setups. Many of the security features may be circumvented and are hence primarily usef

[systemd-devel] [PATCH] mount-setup: failure to mount cgroup controllers is not fatal

2011-04-22 Thread Michal Schmidt
Even after commit e5a53dc7 "cgroup: be nice to Ingo Molnar" systemd still hangs on boot on a kernel without CONFIG_CGROUPS. mount_setup() must not fail when cgroup controllers cannot be mounted. https://bugzilla.redhat.com/show_bug.cgi?id=628004 --- src/mount-setup.c |4 +++- 1 files change

[systemd-devel] systemctl rescue: Transaction is destructive

2011-04-22 Thread Miklos Vajna
Hi, I'm getting the attached output when I enter 'systemctl rescue' from multi-user.target. The error message sounds a bit cryptic, any idea what goes wrong? Once that's printed, I can switch VT-s, but nothing else (can't type etc), that's why I attached a screenshot. Thanks, Miklos

[systemd-devel] How to implement fsck progress report with systemd and plymouth?

2011-04-22 Thread [email protected]
Hi all, plymouth in Ubuntu 10.04 supports fsck progress report, and also provides a chance for the user to cancel a running fsck. How to implement this feature with systemd and plymouth? I did some investigation and found: 1. Ubuntu patches on_update() of plymouth/src/main.c, it will filter out status mes