On Sun, 19.10.14 12:05, Martin Pitt (martin.p...@ubuntu.com) wrote: > Hello all, > > in Debian/Ubuntu we don't use the merged /usr tree for now. systemd > generally supports that (HAVE_SPLIT_USR), but doesn't consider that > for ProtectSystem=. > > Ansgar (CC'ed) wrote a Debian specific patch for that some months ago. > I generalized it for upstream now. > > Thanks for considering,
I am sorry, but this is nothing we want to support. Monopolizing the OS in /usr is what makes ProtectSystem= work. If you split things up into many dirs then you will simply not get the same level of protection. We will not try to list every possible dirs that the OS might be split up to in systemd. Note that your patch is likely to break systems that have the dirs you list as symlinks (which all systems that have /usr merged have). Also note that it hardcodes x86_64 peculiarities in an arch-independent way, which looks pretty wrong too. We are fine with supporting HAVE_SPLIT_USR work to the level where things generally work, but given that ProtectSystem= is only an extra layer of protection where nothing breaks if it doesn't fully protect systems that haven't done the usr-merge I think applying this patch is not useful. Sorry if that's disappointing, but this patch is really something to carry downstream if at all. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
