Hi Tim, On Thu, Feb 22, 2018 at 03:03:58PM +0100, Tim Duesterhus wrote: > I'm running this exact settings on my Debian Stretch machine using haproxy > 1.8.x, without issues so far. > > The first patch could cause issues for users that store their configuration > in /home or /root, but I consider this unlikely. > > Tim Duesterhus (2): > MINOR: systemd: Add SystemD's Protect*= options to the unit file > MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
I took a look, but my systemd incompetence limited my ability to understand what this really does. How does systemd act to do this exactly ? I'm very worried that the only way it could proceed would be by running the process under ptrace causing a tremendous slowdown, and additionally making the process unobservable/undebuggable. Do you know how it proceeds internally ? Thanks, Willy
