Lennart Poettering
Lennart Poettering
> Finally, could you also elaborate more about the gpg/ssh agents problems? Those should be in a non-root cgroup, i.e. subject to regular (unit induced) termination. people fork them off...
I am not convinced. This is a compat break. Various subsystems expect to be able to read each others files, and they have every right to. I am pretty sure...
> Another idea: `systemd-analyze security` should warn about this. I'm not sure if this is possible, but I think it would be nice if it assigned a relatively high score...
ah, np. enjoy your time off!
So close! Any chance for a rebase?
We really shouldn't check unrelated block devices. This would generate a confusing warning. i.e. just run `systemd-nspawn --image=…` in the background so that you have a loopback block device that...