On Tue, Jan 06, 2015 at 03:28:09AM +0100, Lennart Poettering wrote:
> On Mon, 05.01.15 16:03, Lennart Poettering (lenn...@poettering.net) wrote:
>
> > On Mon, 05.01.15 15:02, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl)
> > wrote:
> >
> > > What we can do instead is to implement daemon-reexec
On Mon, 05.01.15 16:03, Lennart Poettering (lenn...@poettering.net) wrote:
> On Mon, 05.01.15 15:02, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
>
> > What we can do instead is to implement daemon-reexec equivalent for
> > journald. It would simply reexec itself to a new binary and pas
On Mon, Jan 05, 2015 at 02:55:11PM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> > SO_PEERCRED apparently returns the euid/egid of the original
> > process. The UNIX "saved" uid was invented precisely to allow
> > temporarily lowering the euid and later on returning to it. Maybe
> > that's what we sh
On Mon, 05.01.15 15:02, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> What we can do instead is to implement daemon-reexec equivalent for
> journald. It would simply reexec itself to a new binary and pass all
> the fds. Some serialization/de-serialization protocol would be necessary
> t
On Mon, 05.01.15 14:55, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> On Mon, Jan 05, 2015 at 02:12:45PM +0100, Lennart Poettering wrote:
> > On Thu, 01.01.15 04:40, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl)
> > wrote:
> >
> > Sounds generally OK.
> >
> > > A disadvantage of th
On Mon, Jan 05, 2015 at 02:24:35PM +0100, Tomasz Torcz wrote:
> On Mon, Jan 05, 2015 at 02:12:45PM +0100, Lennart Poettering wrote:
> > On Thu, 01.01.15 04:40, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl)
> > wrote:
> >
> > Sounds generally OK.
> >
> > > A disadvantage of the solution impleme
On Mon, Jan 05, 2015 at 02:12:45PM +0100, Lennart Poettering wrote:
> On Thu, 01.01.15 04:40, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
>
> Sounds generally OK.
>
> > A disadvantage of the solution implemented here, otoh, is that both
> > systemd and journald must be restarted for it
On Mon, Jan 05, 2015 at 02:12:45PM +0100, Lennart Poettering wrote:
> On Thu, 01.01.15 04:40, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
>
> Sounds generally OK.
>
> > A disadvantage of the solution implemented here, otoh, is that both
> > systemd and journald must be restarted for it
On Thu, 01.01.15 04:40, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
Sounds generally OK.
> A disadvantage of the solution implemented here, otoh, is that both
> systemd and journald must be restarted for it to take effect.
This is something I am concerned about. This will break update
When systemd starts a service, it first opens /run/systemd/journal/stdout
socket, and only later switches to the right user.group (if they are
specified). Later on, journald looks at the credentials, and sees
root.root, because credentials are stored at the time the socket is
opened. As a result, a
10 matches