Re: [systemd-devel] [PATCH] build-sys: remove commented-out m4 from user@.service
On Mon, Dec 15, 2014 at 04:36:51PM +0100, Lennart Poettering wrote: > On Sun, 14.12.14 19:12, Mantas Mikulėnas (graw...@gmail.com) wrote: > > > Otherwise this actually remains in the generated unit in /usr/lib. > > > > If you want to keep it commented out, a m4-compatible way would be: > > > > m4_ifdef(`HAVE_SMACK', > > dnl Capabilities=cap_mac_admin=i > > dnl SecureBits=keep-caps > > ) > > This really was only a temporary commenting, since the bits broke the > user instance in containers. See > > http://lists.freedesktop.org/archives/systemd-devel/2014-December/026188.html > > We really should find a proper fix for this, instead of just removing > the code for it. Sure, but pulling it out of git history is trivial in either case. And you know what they say about the durability of temporary measures... so I thought it is better to keep the files that the user sees clean. Zbyszek ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build-sys: remove commented-out m4 from user@.service
On Sun, 14.12.14 19:12, Mantas Mikulėnas (graw...@gmail.com) wrote: > Otherwise this actually remains in the generated unit in /usr/lib. > > If you want to keep it commented out, a m4-compatible way would be: > > m4_ifdef(`HAVE_SMACK', > dnl Capabilities=cap_mac_admin=i > dnl SecureBits=keep-caps > ) This really was only a temporary commenting, since the bits broke the user instance in containers. See http://lists.freedesktop.org/archives/systemd-devel/2014-December/026188.html We really should find a proper fix for this, instead of just removing the code for it. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build-sys: remove commented-out m4 from user@.service
On Sun, Dec 14, 2014 at 07:12:34PM +0200, Mantas Mikulėnas wrote: > Otherwise this actually remains in the generated unit in /usr/lib. > > If you want to keep it commented out, a m4-compatible way would be: > > m4_ifdef(`HAVE_SMACK', > dnl Capabilities=cap_mac_admin=i > dnl SecureBits=keep-caps > ) Yeah, I guess we don't want to expose the hiccups in our internal process in this way. Applied. Zbyszek ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH] build-sys: remove commented-out m4 from user@.service
Otherwise this actually remains in the generated unit in /usr/lib. If you want to keep it commented out, a m4-compatible way would be: m4_ifdef(`HAVE_SMACK', dnl Capabilities=cap_mac_admin=i dnl SecureBits=keep-caps ) --- units/u...@.service.m4.in | 4 1 file changed, 4 deletions(-) diff --git a/units/u...@.service.m4.in b/units/u...@.service.m4.in index 0daa43a..1e21d51 100644 --- a/units/u...@.service.m4.in +++ b/units/u...@.service.m4.in @@ -17,7 +17,3 @@ ExecStart=-@rootlibexecdir@/systemd --user Slice=user-%i.slice KillMode=mixed Delegate=yes -#m4_ifdef(`HAVE_SMACK', -#Capabilities=cap_mac_admin=i -#SecureBits=keep-caps -#) -- 2.2.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
