-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The isolation is not fully cgroup based, also cgroups require/prefer a single manager, this is going to be enforced in kernel someday, so it is better for init to do it as it is a parent of everything. PrivateTmp uses namespaces, so it is a real isolation. same with PrivateNetwork, ProtectSystem, etc. I do not say that you cannot do this from script, but you would have to make cmdline utilities for some of those things, so it is currently not possible. W dniu 09.02.2016 o 17:34, Guus Snijders pisze:
Op 9 feb. 2016 17:27 schreef "Michał Zegan" <webczat_200@poczta.onet.pl>:
A note about using shell scripts in systemd: Who said you can't? and I don't talk about systemd's init.d compatibility that is disabled in arch. Although you have to write unit files, you can start scripts, so you do not really lose flexibility. Also systemd's isolation capabilities are superior, there are some things you currently cannot do from scripts, like PrivateTmp=yes and stuff.
Isolation is AFAIK based on cgroups, not the easiest subject, but certainly not impossible to implement.
PrivateTmp: Does that more then setting $TEMP to a custom value?
I'm just being curious here.
Mvg, Guus Snijders
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWuhmOAAoJEHb1CzgxXKwYns8P/24XkWt9vC/Sngfmcgkjc77I IFjshUljV5sVO4oOHvDb4oPQcPIsACc24feN1pvy/MNtWdeMJJg2MyFYmNy9GkYc z3WqnRr+pFbQZWCCbdtMIvshvJi141DBrPSVoI1T6hfD0wR3ptkHh0n72bcH1HTH VkkjfhAsz4V7i6G8Bt4vOK89kjPKQJF1HieBPiUNZgNBjbhoq/1Nv5jfCW47Dvgl TA3gXJlSAshkCGdogL0WqFyzA/78MDQ3x90DfdLITZ7Yk/G0bpNM9Lk6MJbW/y3E eNnfy8S/D9TcTE5k4ST6DBl3XSLMbr3HlxSUmme+0sfDa4BUz5asTmgMYrdZ5Zfl DIReoDvgld2BEK2sgKk2BkQPPmnblZ7OwDLYPC8QmWCWBzIESshHWgYs0Ditsq8N f3Q15Cj6QDALfxYTlk3TasQ2DRul6S8wFwotEktGYO9Gvi9ktWoFhaVGem1hBB6X 7p3kdEzrwOXQvfqOxqblzPQpTu/0FS9LxRwRcNCKqtqgi6MuRcWeVcKw8pBBJeKe QJudU7pXvjbwovZzPKEfmL2RsJ4Cb+PFR6nnRUUkXjuCfDj69l5LbnnijnLf4U34 ofJYo2MSSlqqjR+MaSUo8DNbZcTmRaVq8TsnUHZHoRbhOPgXKYr4B9HXG3lwSCmF YoP+zd75A/xB51DnVoHq =3gQy -----END PGP SIGNATURE-----