On Tue, Jan 22, 2019 at 3:52 PM Reindl Harald <[email protected]> wrote:
> On 22.01.19 at 08:12, Mantas Mikulėnas wrote:
> > On Tue, Jan 22, 2019 at 3:46 AM Reindl Harald <[email protected]> wrote:
> >
> >     "ProtectSystem=full" with the setup below just works, "su -" in a
> >     konsole within the graphical session doesn't gain write permissions
> >
> >     Tasks: 4
> >
> >     why?
> >
> >     shouldn't everything started after the graphical login inherit any
> >     settings from the display-manager service and run under its cgroup?
> >
> >
> > No, one of the first things done during login is to create a new logind
> > session with associated cgroup (under user.slice) and move your process
> > into it.
>
> so that ProtectSystem and FS namespaces are properly inherited is more
> luck than by design?

Namespaces are not cgroup parameters. I don't think namespacing a user-login service was ever part of the design...

-- 
Mantas Mikulėnas
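An added example, not code from either poster or from systemd: a check for the distinction drawn in the thread, comparing the mount namespace (`/proc/PID/ns/mnt`) and the cgroup (`/proc/PID/cgroup`) of a service process and a session process. The `PROC_ROOT` override, the function names, the PIDs and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: do two processes share a mount namespace, and do they share a cgroup?
# PROC_ROOT is a hypothetical override so the check can run on a constructed tree.
: "${PROC_ROOT:=/proc}"

# Mount namespace identity, e.g. "mnt:[4026532501]" (needs root for other users' PIDs).
mnt_ns() { readlink "$PROC_ROOT/$1/ns/mnt"; }

# cgroup path: the "0::" line on cgroup v2, the name=systemd hierarchy on v1/hybrid.
cgroup_path() {
    awk -F: '$1 == "0" || $2 == "name=systemd" { print $3; found = 1; exit }
             END { exit !found }' "$PROC_ROOT/$1/cgroup"
}

# Prints "<same|different>-mntns <same|different>-cgroup", or "unknown" if a PID is unreadable.
compare_confinement() {
    ns_a=$(mnt_ns "$1") && ns_b=$(mnt_ns "$2") &&
    cg_a=$(cgroup_path "$1") && cg_b=$(cgroup_path "$2") || { echo unknown; return 1; }
    [ "$ns_a" = "$ns_b" ] && ns=same || ns=different
    [ "$cg_a" = "$cg_b" ] && cg=same || cg=different
    echo "${ns}-mntns ${cg}-cgroup"
}

# Constructed sample tree (not captured from a real host): PID 900 stands for the
# display-manager service, PID 1500 for a shell in the logind session, PID 1 for init.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    while read -r pid ns cg; do
        mkdir -p "$root/$pid/ns"
        ln -s "mnt:[$ns]" "$root/$pid/ns/mnt"
        echo "0::$cg" > "$root/$pid/cgroup"
    done <<EOF
1 4026531840 /init.scope
900 4026532501 /system.slice/display-manager.service
1500 4026532501 /user.slice/user-1000.slice/session-3.scope
EOF
    echo "$root"
}

# Usage: script SERVICE_PID SESSION_PID
if [ "$#" -eq 2 ]; then compare_confinement "$1" "$2"; fi
```

A result of `same-mntns different-cgroup` matches what the thread describes: the session shell has been moved to its own cgroup under user.slice, yet it still runs in the mount namespace set up for the service, which is why the read-only view from `ProtectSystem=full` persists.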
