Lennart Poettering on Nostr: …have systemd-nspawn as a full-OS container centric frontend to it. Hence, with ...
…have systemd-nspawn as a full-OS container centric frontend to it.
Hence, with this release we now add PrivatePIDs= which adds the key requirement to run full OS containers as regular system services (without any further container mgr in the mix). There is more work to be done, but one of the most basic/fundamental steps is now done.
PrivatePIDs= should really not be misunderstood as "just another sandboxing" option. Because it really isn't. It's changes semantics a lot more than…
Hence, with this release we now add PrivatePIDs= which adds the key requirement to run full OS containers as regular system services (without any further container mgr in the mix). There is more work to be done, but one of the most basic/fundamental steps is now done.
PrivatePIDs= should really not be misunderstood as "just another sandboxing" option. Because it really isn't. It's changes semantics a lot more than…