F21 System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For Long-Running Services
Miloslav Trmač
mitr at volny.cz
Thu Mar 27 17:45:45 UTC 2014
2014-03-26 15:06 GMT+01:00 Jaroslav Reznik <jreznik at redhat.com>:
> == Detailed Description ==
> When PrivateDevices=yes is set in the [Service] section of a systemd service
> unit file, the processes run for the service will run in a private file system
> namespace
IIRC the kernel has had some issues with scaling to dozens or hundreds
of namespaces (which was noticeable with Docker). Can I assume these
are either fixed or not applicable to this usage?
> == Scope ==
> * Policies and guidelines:
> It might be nice to update the packaging policies to also recommend making use
> of these settings.
Yes, "it might be". Do you plan to propose such a guideline update to
FPC, or is this an "if somebody else cares" item?
Mirek
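The PrivateDevices= and PrivateNetwork= directives discussed above, as an added example that is not part of the original thread: a small POSIX shell audit that reports which unit files actually set them, which is the kind of check a packaging-guideline update would need. It assumes only sh plus awk; the unit files it reads are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original thread): audit systemd unit files for
# the PrivateDevices= / PrivateNetwork= hardening directives. Reads the
# [Service] section of each unit and reports the value of both directives.
# Only the literal value "yes" is treated as enabled; systemd also accepts
# other boolean spellings, which this audit would report verbatim.

# Print "<unit> PrivateDevices=<val> PrivateNetwork=<val>" for one unit file.
# A directive absent from the [Service] section is reported as "unset".
audit_unit() {
    unit="$1"
    awk -v name="$unit" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && /^PrivateDevices=/ { split($0, kv, "="); dev = kv[2] }
        in_service && /^PrivateNetwork=/ { split($0, kv, "="); net = kv[2] }
        END {
            if (dev == "") dev = "unset"
            if (net == "") net = "unset"
            printf "%s PrivateDevices=%s PrivateNetwork=%s\n", name, dev, net
        }' "$unit"
}

# Return 0 if the unit sets both directives to yes, 1 otherwise.
unit_is_isolated() {
    case "$(audit_unit "$1")" in
        *"PrivateDevices=yes PrivateNetwork=yes") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample units so the script runs stand-alone.
tmp=$(mktemp -d)
cat > "$tmp/hardened.service" <<'EOF'
[Unit]
Description=Constructed sample: long-running service with both settings
[Service]
ExecStart=/usr/bin/true
PrivateDevices=yes
PrivateNetwork=yes
EOF
cat > "$tmp/default.service" <<'EOF'
[Unit]
Description=Constructed sample: unit without the new settings
[Service]
ExecStart=/usr/bin/true
EOF

for u in "$tmp"/*.service; do
    audit_unit "$u"
done
```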