On Fri, Feb 28, 2014 at 9:36 AM, Josh Triplett <j...@joshtriplett.org> wrote:
---
Strawman proposal, open to suggestions.
...
+ - Simple conditionals: "C path mode user group - (tmpfiles-line)"
does tmpfiles-line if path has mode, user, and group:
+ C /usr/bin/screen 2755 root utmp - d /var/run/screen 0775 root
utmp
+ C /usr/bin/screen 4755 root utmp - d /var/run/screen 0755 root
utmp
+ C /usr/bin/screen 0755 root utmp - d /var/run/screen 1777 root
utmp
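
Review bot: the documentation line for the new "C" conditional ("does tmpfiles-line if path has mode, user, and group") leaves the match semantics unspecified. It should say whether mode is compared exactly (all four octal digits, including the setuid/setgid bits) or as a mask, whether a symlink at path is followed, and what happens when path does not exist. In the screen example the three lines cover only 2755, 4755 and 0755 with root:utmp, so as the doc line reads, any other mode or ownership on /usr/bin/screen matches none of them and /var/run/screen is not created; either document that outcome or add a default case. The 0755 line creates /var/run/screen as 1777, so a short comment in the example saying this is the intended layout for the binary without setuid/setgid would help a reader who sees a world-writable directory being created from a conditional.
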
While I know I *just* posted a mail suggesting that more service state
move to unit files... this feels pretty hacky to me.

Are there any use cases other than screen?

I also don't like the idea of admins "configuring" via chmod on stuff
in /usr/bin. OSTree simply won't support that for example.

A lot of this may come back to the discussion about screen and
sessions. If, for example, users could request a new headless session,
then most of the screen security-related architecture would be
completely unnecessary with systemd, since the per-user state could
just be hooked off of the per-user runtime dir.

The per-user runtime dir would stay alive because the headless session
would keep the user around.