Lennart Poettering on Nostr: …appropriate for systemd-nspawn with its goal of running a full init system inside ...
…appropriate for systemd-nspawn with its goal of running a full init system inside a container environment, but inappropriate for system services, that should be integrated into the host even if they run at a lower security level, with sandboxing applied.
So, what changed? We realized over time that the logic systemd-nspawn implements is to a large degree the same as the one service management implements, and we basically have two implementations of some non-trivial code in place.
Moreover, …
Published at 2024-12-10 10:35:20
Event JSON
{
  "id": "65c1bca64401cc48e9631eb8bf31d2ac585f18db604769b3dfe6a04589d3c500",
  "pubkey": "1d95c32d9a9d95a54f98eb2eaa156f3d3a71dc49eca2c960b2b89962758f1cc0",
  "created_at": 1733826920,
  "kind": 1,
  "tags": [
    [
      "e",
      "f1254f424345f96f9789a46004e1a440b35c5542b4a5afc0fe5f659676a68899",
      "wss://relay.mostr.pub",
      "reply"
    ],
    [
      "proxy",
      "https://mastodon.social/users/pid_eins/statuses/113628081043764637",
      "activitypub"
    ]
  ],
  "content": "…appropriate for systemd-nspawn with its goal of running a full init system inside a container environment, but inappropriate for system services, that should be integrated into the host even if they run at a lower security level, with sandboxing applied.\n\nSo, what changed? We realized over time that the logic systemd-nspawn implements is to a large degree the same as the one service management implements, and we basically have two implementations of some non-trivial code in place.\n\nMoreover, …",
  "sig": "647d8ab04353f2c455f37b335b5c9a69d21126db672e7b6031bbb49517b3fb1362cd65dccf77ebf9dc91e0c24a2b5c74d9dc061021658df2c76f55af8e68195c"
}