On 10/12/16 13:08, Christian Hesse wrote:
> David Sommerseth on Sat, 2016/12/10 01:03:
>> On 10/12/16 00:19, Christian Hesse wrote:
>>> From: Christian Hesse
>>>
>>> sd_notify() uses a socket to communicate with systemd. Communication
>>> fails if the socket is not available within the chroot. So
On 10/12/16 13:29, Gert Doering wrote:
> Hi,
>
> On Sat, Dec 10, 2016 at 12:19:07AM +0100, Christian Hesse wrote:
>> + int fd;
>> + char * chroot_notify = NULL;
>> +
>> + if (sd_notify(0, "READY=0") > 0)
>> +{
>> + asprintf(&c
Hi,
On Sat, Dec 10, 2016 at 12:19:07AM +0100, Christian Hesse wrote:
> + int fd;
> + char * chroot_notify = NULL;
> +
> + if (sd_notify(0, "READY=0") > 0)
> +{
> + asprintf(&chroot_notify, "%s/notify",
> c->options.chroot_dir
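Review bot: the asprintf() call that builds the "%s/notify" path from c->options.chroot_dir discards its return value. On failure asprintf() returns -1 and leaves the contents of chroot_notify undefined, so the NULL initialiser on `char * chroot_notify = NULL;` cannot be used afterwards to detect the error. Suggest testing the result, e.g. `if (asprintf(&chroot_notify, ...) < 0)`, and skipping the bind mount with a logged warning in that case, since the string is about to be used as a mount target while the process still holds CAP_SYS_ADMIN.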
David Sommerseth on Sat, 2016/12/10 01:03:
> On 10/12/16 00:19, Christian Hesse wrote:
> > From: Christian Hesse
> >
> > sd_notify() uses a socket to communicate with systemd. Communication
> > fails if the socket is not available within the chroot. So bind mount
> > the socket into the chroot w
On 10/12/16 00:19, Christian Hesse wrote:
> From: Christian Hesse
>
> sd_notify() uses a socket to communicate with systemd. Communication
> fails if the socket is not available within the chroot. So bind mount
> the socket into the chroot when started from systemd.
>
> Unsharing namespace and m
From: Christian Hesse
sd_notify() uses a socket to communicate with systemd. Communication
fails if the socket is not available within the chroot. So bind mount
the socket into the chroot when started from systemd.
Unsharing namespace and mounting requires extra capability CAP_SYS_ADMIN.
Signed