Re: [systemd-devel] What makes systemd-nspawn "not suitable for secure container setups"?

2011-04-24 Thread Tollef Fog Heen
]] Lennart Poettering [...] | (Consider the container blocking all ports > 6000 thus making it | impossible to run X on the host). But this one is actually not a big | issue in the end I guess, so let's ignore it here. X doesn't listen on tcp by default those days, so this shouldn't be a proble

Re: [systemd-devel] How to implement fsck progress report with systemd and plymouth?

2011-04-24 Thread fykc...@gmail.com
2011/4/25 Lennart Poettering : > On Fri, 22.04.11 15:04, fykc...@gmail.com (fykc...@gmail.com) wrote: > >> Hi all, >> >> plymouth in Ubuntu 10.04 supports fsck progress report, and also >> provides a chance for user to cancel running fsck. How to implement >> this feature with systemd and plymouth?

Re: [systemd-devel] How to implement fsck progress report with systemd and plymouth?

2011-04-24 Thread Lennart Poettering
On Fri, 22.04.11 15:04, fykc...@gmail.com (fykc...@gmail.com) wrote: > Hi all, > > plymouth in Ubuntu 10.04 supports fsck progress report, and also > provides a chance for user to cancel running fsck. How to implement > this feature with systemd and plymouth? It's actually a really hard problem.

Re: [systemd-devel] What makes systemd-nspawn "not suitable for secure container setups"?

2011-04-24 Thread Lennart Poettering
On Sat, 23.04.11 13:29, microcai (micro...@fedoraproject.org) wrote: > > Ah, good point. So, root inside the container can trivially circumvent > > the container that way. Any way to prevent that with current kernel > > support, or would fixing this require additional kernel changes to lock > >

Re: [systemd-devel] What makes systemd-nspawn "not suitable for secure container setups"?

2011-04-24 Thread Lennart Poettering
On Fri, 22.04.11 21:16, Josh Triplett (j...@joshtriplett.org) wrote: > On Sat, Apr 23, 2011 at 11:28:58AM +0800, microcai wrote: > > 于 2011年04月23日 10:55, Josh Triplett 写道: > > > The systemd-nspawn manpage lists the various mechanisms used to isolate > > > the container, and then says "Note that ev

Re: [systemd-devel] What makes systemd-nspawn "not suitable for secure container setups"?

2011-04-24 Thread Lennart Poettering
On Fri, 22.04.11 19:55, Josh Triplett (j...@joshtriplett.org) wrote: > The systemd-nspawn manpage lists the various mechanisms used to isolate > the container, and then says "Note that even though these security > precautions are taken systemd-nspawn is not suitable for secure > container setups.

[systemd-devel] [PATCH] Fix gcc unitialized variable warning

2011-04-24 Thread Zbigniew Jędrzejewski-Szmek
Since strv_* functions handle null arguments, this warning is actually valid. src/strv.c: In function ‘strv_copy’: src/strv.c:68:21: warning: ‘k’ may be used uninitialized in this function [-Wuninitialized] --- src/strv.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git