On Fri, 24.01.14 11:27, Ben Boeckel (maths...@gmail.com) wrote:
>
> On Fri, Jan 24, 2014 at 11:07:18 +0100, Lennart Poettering wrote:
> > On Thu, 23.01.14 13:54, Ben Boeckel (maths...@gmail.com) wrote:
> > > As I mused on LWN[1] recently, I was wondering whether it was possible
> > > to have user units be able to hook into namespaces (namely the
> > > PrivateNetwork= and PrivateTmp= from systemd.exec(5) and more if other
> > > namespacing options are added in the future).
> >
> > What do you mean by "user units"? Those run off an unprivileged "systemd
> > --user" instance? Or those run off PID 1 but with User= set?
>
> systemd --user. Would it be possible to use User= to do this though from
> a system service?

Yeah, you can do a lot of stuff with User= since we only drop privs in
such a case pretty late, so you can actually set up namespaces and stuff
with full privileges...

Lennart

-- 
Lennart Poettering, Red Hat
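
A system unit combining the directives discussed in this thread, as an added example that is not part of the original messages. The unit name, the "demo" account and the binary path are hypothetical.

```ini
# /etc/systemd/system/sandboxed-demo.service  (hypothetical name and path)
[Unit]
Description=Unprivileged service in its own network and /tmp namespaces

[Service]
# Hypothetical account and binary; replace with your own.
User=demo
ExecStart=/usr/local/bin/demo-daemon

# As the reply above explains, privileges are dropped late for User=,
# so the namespaces below are created with full privileges and the
# unprivileged process then starts inside them.

# New network namespace containing only a loopback device.
PrivateNetwork=yes
# Private /tmp and /var/tmp, not shared with other processes on the host.
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
```

A quick check is to point ExecStart= at `ip addr` temporarily: the journal output for the unit should list only `lo`.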