On Mon, Sep 7, 2015 at 12:45 PM, Ingvar Hagelund <[email protected]> wrote:
> Den 04. sep. 2015 16:29, skrev Ingvar Hagelund: > > Den 04. sep. 2015 01:31, skrev Federico Schwindt: > >> Hi, > >> > >> Why not reusing VARNISH_USER and introduce VARNISH_CCGROUP instead of > >> adding VARNISH_JAIL? > > > > Because it doesn't work with systemd (...) > > With a little help from Daniel Parthey, I've made a new service/params > set that looks more like the old config: > > http://users.linpro.no/ingvar/varnish/4.1.0-tp1/varnish.params > http://users.linpro.no/ingvar/varnish/4.1.0-tp1/varnish.service > I was just going to suggest that. Glad to know it works :) > > For easier upgrade path for users from earlier releases, perhaps we > should just skip VARNISH_CCGROUP, as it's very unlikely that anyone will > ever use it, or reuse the old VARNISH_GROUP? > I think we should keep it should anyone want to change it. IIRC in the past there were people having to add varnish to a particular group in order to access the compiler, because C compilers are bad unlike the other 200 ways to run random code in a server. Thanks infosec! f.-
_______________________________________________ varnish-dev mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
