Hello Everyone-

The rkt container engine wants to run with different permissions pre-start
and start. In pre-start it needs to fetch/download the container image
which is an unprivileged operation. In start it needs admin level
permissions to start the container stage1 (e.g. systemd-nspawn) and mount
the root overlayfs.

One way of accomplishing this is:

ExecStartPre=/usr/bin/su rktfetchuser -c "/usr/bin/rkt fetch quay.io/coreos/etcd blah blah"
ExecStart=/usr/bin/rkt run ${COREOS_VERSIONS_ETCD_FULL} blah blah

The other way would be to create a fetch service and a run service but that
is sort of clunky for users to configure.

Are there other mechanisms to not require the use of wrappers like su?

Thank You,

Brandon
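
The two-unit alternative mentioned in the message, sketched as an added example (not part of the original post and not rkt's or CoreOS's shipped units). The unit names etcd-fetch.service and etcd.service are hypothetical, the account and image name are taken from the message, and the account is assumed to have write access to rkt's image store.

```ini
# --- etcd-fetch.service (hypothetical name): unprivileged image download ---
[Unit]
Description=Fetch the etcd image as an unprivileged user

[Service]
# oneshot: units ordered After= this one wait until the fetch has exited.
Type=oneshot
# Account from the message; assumed to have write access to rkt's image store.
User=rktfetchuser
ExecStart=/usr/bin/rkt fetch quay.io/coreos/etcd

# --- etcd.service (hypothetical name): privileged container start ---
[Unit]
Description=Run etcd under rkt
# Pull in the fetch unit and refuse to start if the fetch fails.
Requires=etcd-fetch.service
After=etcd-fetch.service

[Service]
# No User= here: rkt run keeps root so it can start stage1 and mount the overlayfs.
ExecStart=/usr/bin/rkt run quay.io/coreos/etcd
```

Only the fetch step, which talks to the network and parses the downloaded image, runs without root; the cost is the second unit file the message calls clunky.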