On Tue, Jul 07, 2015 at 09:56:45AM +0100, Richard Maw wrote:
> On Tue, Jul 07, 2015 at 09:25:21AM +0300, Andrei Borzenkov wrote:
> > On Tue, Jul 7, 2015 at 9:02 AM, Dominick Grift <dac.overr...@gmail.com> 
> > wrote:
> > > Would be nice if anyone could at least confirm or deny this issue that 
> > > I've identified in systemd-nspawn since v220:
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1232371
> > >
> > > Containers that rely on that functionality stopped working for me since 
> > > v220
> >
> > Did you open a GitHub issue for that?
> 
> I did. https://github.com/systemd/systemd/issues/475
> 
> I've got a local fix with https://github.com/systemd/systemd/pull/483,
> but it's pending discussion with Dan Walsh about whether this should be
> the fix, and https://github.com/systemd/systemd/pull/500 would make the
> work-around cleaner.

I do not see why this needs Walsh's input. This setexeccon() functionality is 
implemented all over the place (svirt, selinux-sandbox etc). If it would be 
compelling to deal with that in either libselinux or glibc then it probably 
would have been dealt with there already.

-- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift
