On Mon, 04.04.11 08:45, Albert Strasheim ([email protected]) wrote:

> Hello all
>
> I was wondering if anyone had an example of a service unit that sets
> up a chroot jail with RootDirectory= but also mounts /proc, /sys and
> maybe a directory with some binaries and configuration inside it?

There is no such example, you still have to set up the chroot dir on your own. There are simply too many variables in this to do that automatically. For example, not even /proc and /sys themselves would be without controversy, since some apps might need them, others not, and even others only /proc but not /sys. You can set up an env with a prestart script however.

> It feels like this should perhaps be possible with
> ReadWriteDirectories and ReadOnlyDirectories, but I can't get it
> working.

These options control namespaces, not chroots. Also, they do not actually duplicate things, they just modify what access the process in the namespace can get on a directory.

Lennart

--
Lennart Poettering - Red Hat, Inc.
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
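
The prestart-script approach mentioned in the reply, sketched as an added example that is not part of the original thread or of systemd itself. The jail path, script name and service binary are hypothetical, and the unit fragment in the comments assumes RootDirectoryStartOnly=yes so that the prestart command runs outside the chroot.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed unit fragment (hypothetical paths):
#   [Service]
#   RootDirectory=/srv/jail
#   RootDirectoryStartOnly=yes   # ExecStartPre= then runs outside the chroot
#   ExecStartPre=/usr/local/sbin/jail-prestart /srv/jail "proc sys"
#   ExecStart=/bin/myservice     # path is resolved inside /srv/jail
# Set DRY_RUN=1 to print the commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# is_mounted DIR: succeeds if DIR is already a mount point, so that
# restarting the service does not stack a second mount on top.
is_mounted() {
    awk -v d="$1" '$2 == d { found = 1 } END { exit !found }' /proc/mounts 2>/dev/null
}

# setup_jail ROOT "proc sys": mount only the pseudo filesystems the
# service actually needs; sysfs is mounted read-only.
setup_jail() {
    root=${1%/}
    want=$2
    case $root in
        /?*) ;;
        *) echo "jail root must be an absolute path other than /" >&2; return 1 ;;
    esac
    for fs in $want; do
        case $fs in
            proc) type=proc;  opts=nosuid,nodev,noexec ;;
            sys)  type=sysfs; opts=ro,nosuid,nodev,noexec ;;
            *) echo "unsupported filesystem: $fs" >&2; return 1 ;;
        esac
        is_mounted "$root/$fs" && continue
        run mkdir -p "$root/$fs" || return 1
        run mount -t "$type" -o "$opts" "$type" "$root/$fs" || return 1
    done
}

if [ "$#" -gt 0 ]; then setup_jail "$@"; fi
```

The mounts persist after the service stops; unmounting them is left to the administrator or to a matching stop command.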
