On 9 Feb 2016 17:52, "Damjan Georgievski" <gdamjan@gmail.com> wrote:
On 9 February 2016 at 17:34, Guus Snijders <gsnijders@gmail.com> wrote:
On 9 Feb 2016 17:27, "Michał Zegan" <webczat_200@poczta.onet.pl> wrote:
Although you have to write unit files, you can start scripts, so you do not really lose flexibility. Also, systemd's isolation capabilities are superior; there are some things you currently cannot do from scripts, like PrivateTmp=yes and stuff.
Isolation is AFAIK based on cgroups, not the easiest subject, but certainly not impossible to implement.
not impossible, if you reimplement systemd :)
;)
PrivateTmp: Does that do more than setting $TEMP to a custom value?
I'm just being curious here.
Yes, it creates a filesystem/mount namespace for the process(es) and mounts a /tmp/systemd-private-xxxx/ directory as /tmp. From the point of view of the process, it will never see anything else from the outer /tmp.
Ok, that is a nice trick.

Kind regards,
Guus Snijders
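
The mount-namespace behaviour described in this thread can be checked from a process's `mountinfo`. This is an added example, not part of the original messages: the sample lines, service name and directory suffixes are constructed, and the script assumes the bind mount's root field shows the `systemd-private-…` directory. It also looks at `/var/tmp`, which `PrivateTmp=` covers in the same way.

```python
import re

# Constructed sample of /proc/<pid>/mountinfo for a service started with
# PrivateTmp=yes (IDs, device and directory names are made up).
SAMPLE_PRIVATE = """\
95 62 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
140 95 8:1 /tmp/systemd-private-0a1b2c-demo.service-Xy12Zq/tmp /tmp rw,relatime shared:70 master:1 - ext4 /dev/sda1 rw
141 95 8:1 /var/tmp/systemd-private-0a1b2c-demo.service-Ab34Cd/tmp /var/tmp rw,relatime shared:71 master:1 - ext4 /dev/sda1 rw
"""
# Constructed sample for a process that still shares the host's /tmp.
SAMPLE_SHARED = "95 62 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"

PRIVATE_ROOT = re.compile(r"/systemd-private-[^/]+/tmp$")


def unescape(field):
    # mountinfo writes space, tab, newline and backslash as octal (\040 ...)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Yield (root, mount_point, fstype) for each well-formed line."""
    for line in text.splitlines():
        fields = line.split(" ")
        if "-" not in fields:
            continue
        sep = fields.index("-")  # separator after the optional fields
        if sep < 6 or len(fields) < sep + 2:
            continue
        yield unescape(fields[3]), unescape(fields[4]), fields[sep + 1]


def private_tmp_mounts(text):
    """Return {mount_point: backing_dir} for private /tmp and /var/tmp."""
    top = {}
    for root, mount_point, _fstype in parse_mountinfo(text):
        if mount_point in ("/tmp", "/var/tmp"):
            top[mount_point] = root  # keep the last entry per mount point
    return {mp: r for mp, r in top.items() if PRIVATE_ROOT.search(r)}


if __name__ == "__main__":
    # On Linux, inspect the current process; pass another PID's file to audit it.
    with open("/proc/self/mountinfo") as fh:
        result = private_tmp_mounts(fh.read())
    print(result or "no private /tmp: this process sees the shared /tmp")
```
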