Lennart Poettering

Results 1505 comments of Lennart Poettering

Is this still relevant, since 6546045fa0bf84737bd8b2e1e8bf7dd3941d8352 has been merged?

Linux doesn't virtualize devtmpfs + sysfs + uevents for containers. This means any kind of device node passthrough is always a mess since incomplete. The raw device nodes might work,...

hmm, we should make idmap stuff work for --bind= of device nodes. And probably in a way that the resulting inode is owned by the container's root user.

so tmpfs (and devtmpfs is just a tmpfs instance) doesn't support idmapped mounts currently, so the --bind= thing is currently incompatible with userns. tmpfs/idmap support is on our kernel wishlist:...

Now that kernel 6.3 gained support for uidmapping tmpfs mounts I guess we can close this?

Frankly, no I am not grokking this at all? The shell you are typing this from, is that regularly forked off from pid 1, or is that one externally inserted...

This sounds like something we should just make clearer via a big comment in our default resolved.conf file.

While in most setups I think DNS should be configured per-interface/per-network, we cannot ignore the fact that there are scenarios where this isn't desirable, already for "conceptual compatibility", or because...

> If it were possible to define multiple servers+domains pairs handling single interface, that approach might work. But when using encrypted DNS for privacy on travels with a laptop, I...

> Hi Lennart, of course systemd-resolved should continue to allow configuring global DNS or per-network DNS. The problem occurs when you have both configured _at the same time_, then the...