On Thu, 22.01.15 15:53, Christian Seiler ([email protected]) wrote:

> Nevertheless, I think it would be great if this could also be fixed,
> because you never know what other applications people might come up
> with.
>
> The solution would probably be to just add a code path to chown
> the directory instead of mounting a tmpfs on top of it. That doesn't
> separate users from root inside the container quite as much, but in
> containers without CAP_SYS_ADMIN, I think that's a trade-off that's
> worth making.
>
> What do you think?

Yeah, I agree. If we cannot mount the tmpfs due to EPERM we should add
a fallback to use a simple directory instead. Would be happy to take a
patch for that.

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
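
The fallback discussed in this thread, sketched as an added example (not systemd's code and not part of either message): try the tmpfs mount, and only on EPERM hand the plain directory to the user. The names `setup_user_dir`, `mount_fn` and `mount_fails`, the mount options, the 0700 mode and the `O_NOFOLLOW` open are assumptions of this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical hook so the mount step can be swapped out. */
typedef int (*mount_fn)(const char *path, uid_t uid, gid_t gid);

/* Real mount step; the option string is an assumption. */
int mount_tmpfs(const char *path, uid_t uid, gid_t gid) {
    char opts[64];
    snprintf(opts, sizeof opts, "mode=0700,uid=%u,gid=%u", (unsigned)uid, (unsigned)gid);
    return mount("tmpfs", path, "tmpfs", MS_NODEV | MS_NOSUID, opts);
}

/* Constructed stand-in for a container without CAP_SYS_ADMIN. */
int simulated_errno = EPERM;
int mount_fails(const char *path, uid_t uid, gid_t gid) {
    (void)path; (void)uid; (void)gid;
    errno = simulated_errno;
    return -1;
}

/* 0: tmpfs mounted, 1: plain-directory fallback, <0: -errno. */
int setup_user_dir(const char *path, uid_t uid, gid_t gid, mount_fn do_mount) {
    if (mkdir(path, 0700) < 0 && errno != EEXIST)
        return -errno;
    if (do_mount(path, uid, gid) == 0)
        return 0;
    if (errno != EPERM)          /* only a permission failure falls back */
        return -errno;
    /* O_NOFOLLOW: never chown through a symlink planted at path. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    int r = (fchown(fd, uid, gid) < 0 || fchmod(fd, 0700) < 0) ? -errno : 1;
    close(fd);
    return r;
}

int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s DIR\n", argv[0]); return 2; }
    int r = setup_user_dir(argv[1], getuid(), getgid(), mount_tmpfs);
    puts(r == 0 ? "tmpfs mounted" : r == 1 ? "plain directory (EPERM fallback)" : "failed");
    return r < 0;
}
```

Returning a distinct value for the fallback lets the caller log that the directory is not a separate mount, which is the weaker separation from root that the quoted message describes.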
