Hello.

On Sat, Aug 16, 2025 at 07:11:32PM -0400, Demi Marie Obenour <demioben...@gmail.com> wrote:
> If the Cloud Hypervisor instance is stopped or exits, the others
> should be stopped automatically, as they have no other use.
> Having BindsTo=, After=, PropagatesStopTo=, and PropagatesReloadTo=
> should handle most cases, but I don't know if that is sufficient
> if Cloud Hypervisor exits spontaneously (because the guest shut down)
> or crashes.

Maybe vm.service Wants=crosvm.service ... xdg-desktop-portal.service and
each of the supportive services would have StopWhenUnneeded=true.

> Additionally, these services have different sandboxing needs.
> Cloud Hypervisor should only be able to connect to its own instance
> of the daemons that serve it, rather than to any instance.
> crosvm needs GPU and Wayland access and vhost-device-sound needs
> to connect to PipeWire. virtiofsd needs an id-mapped mount.
> I would also like to block abstract AF_UNIX socket access.
> Are there existing systemd features that can easily meet these
> needs?

See whether JoinsNamespaceOf= (systemd.unit(5)) would cover your usage.

HTH,
Michal
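The arrangement suggested in the reply above, written out as a pair of unit files. This is an added example, not part of the original thread or of any project's shipped units; the template names (`vm@.service`, `crosvm@.service`, `virtiofsd@.service`) and the wrapper paths under `/usr/local/libexec` are hypothetical, and using a shared private `/tmp` for the helper sockets is an assumption about how the instances would be wired together.

```ini
# ---- vm@.service: one Cloud Hypervisor guest per instance name (%i) ----
# Template names and wrapper paths are hypothetical.
[Unit]
Description=Guest VM %i
# Pull in this instance's helpers and order the VM after them. Wants= is a
# weak dependency: a helper that fails to start does not fail the VM.
Wants=crosvm@%i.service virtiofsd@%i.service
After=crosvm@%i.service virtiofsd@%i.service

[Service]
ExecStart=/usr/local/libexec/start-vm %i
# Private /tmp and /var/tmp. Helpers that join this unit's namespace see
# the same directory; other instances and the rest of the host do not see
# sockets created in it.
PrivateTmp=yes

# ---- crosvm@.service: helper for the same instance ----
# virtiofsd@.service would follow the same pattern.
[Unit]
Description=crosvm helper for guest %i
# Stop this helper once no active unit wants it any more. That covers the
# VM being stopped, exiting because the guest shut down, and crashing,
# since in each case vm@%i.service is no longer active.
StopWhenUnneeded=yes
# Share namespaces with the matching VM instance only, not with other
# instances. This has an effect only together with namespace settings
# such as PrivateTmp= set on the units.
JoinsNamespaceOf=vm@%i.service

[Service]
ExecStart=/usr/local/libexec/start-crosvm %i
PrivateTmp=yes
```

With these units, `systemctl start vm@work.service` starts the helpers for instance `work` first, and `systemctl show -p StopWhenUnneeded -p JoinsNamespaceOf crosvm@work.service` confirms the settings were parsed.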