The user instance of systemd does not seem to apply the DevicePolicy for scopes. I.e. I can run:

$ systemd-run --user --scope --property=DevicePolicy=strict glxgears
Running as unit run-994.scope.
... runs fine, should fail to use DRI ...
$ cat /run/user/1000/systemd/user/run-994.scope.d/50-DevicePolicy.conf
[Scope]
DevicePolicy=strict
$ cat /proc/994/cgroup
10:hugetlb:/
9:perf_event:/
8:blkio:/
7:net_cls,net_prio:/
6:freezer:/
5:devices:/user.slice
4:memory:/user.slice
3:cpu,cpuacct:/
2:cpuset:/
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/run-994.scope

This is with systemd-216-20.fc21.x86_64 from Fedora 21 under gnome.

--
Alexander Larsson, Red Hat, Inc
al...@redhat.com
alexander.lars...@gmail.com
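
Added example (not part of the original post, and not systemd code): a shell check that reads a /proc/PID/cgroup listing in the cgroup v1 format shown above and reports whether the devices controller is attached at the same path as the unit in the name=systemd hierarchy. Treating equal paths as the sign that a device policy can take effect on the unit is an assumption of this example, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. /proc/PID/cgroup (cgroup v1): hierarchy-ID:controllers:path

# cgroup_path CONTROLLER FILE: print the path for that controller.
cgroup_path() {
    awk -F: -v want="$1" '{
        n = split($2, ctrl, ",")
        for (i = 1; i <= n; i++)
            if (ctrl[i] == want) {
                path = $3   # rejoin: the path itself may contain ":"
                for (j = 4; j <= NF; j++) path = path ":" $j
                print path
                exit
            }
    }' "$2"
}

# devices_policy_applied FILE
# 0: devices controller attached at the unit's own cgroup
# 1: process sits in a different (parent) devices cgroup
# 2: hierarchy missing, e.g. unified cgroup v2 layout
devices_policy_applied() {
    unit=$(cgroup_path "name=systemd" "$1")
    dev=$(cgroup_path "devices" "$1")
    if [ -z "$unit" ] || [ -z "$dev" ]; then
        echo "devices or name=systemd hierarchy not found" >&2
        return 2
    fi
    echo "unit:    $unit"
    echo "devices: $dev"
    [ "$unit" = "$dev" ]
}

# Lines taken from the cgroup listing in the post above (abridged).
sample_from_post() {
    cat <<'EOF'
7:net_cls,net_prio:/
5:devices:/user.slice
4:memory:/user.slice
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/run-994.scope
EOF
}

tmp=$(mktemp)
sample_from_post > "$tmp"
devices_policy_applied "$tmp" || echo "devices controller is not at the unit's cgroup"
rm -f "$tmp"
```

On a live system the same function can be pointed at /proc/PID/cgroup for the process started by systemd-run.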