Lennart Poettering
Lennart Poettering
approach looks pretty good to me.
ipaddressallow/deny doesn't work for unpriv service manager either (its bpf based)
> docs I don't think this needs docs. It's more a "bug fix", if you so will, we simply reported rubbish for user services, and you are fixing tht.
> * maybe even some options that technically apply to user services should be skipped, or weighed differently? in particular, there’s a large block of `CapabilityBoundingSet` options, but user services...
Hmm, why bother? If you suspend your root storage daemons you kinda are asking the system pretty explicitly that you *want* the system to hang?
I am not convinced we want this. It seems entirely unnecessary? root storage daemons are outside of our management, and I see no case for changing that for a case...
but why was that fuse daemon suspended? if you susped your fuse daemon things will hang, that's hardly surprising? And maybe the lesson to learn there is not to suspend...
hmm, i see, indeed. but it sounds wrong to resume stuff that probably shouldn't have been stopped in the first place. it appears to me the fix should be to...
> `kill(-1, ...)` is nice because it is atomic, I think It's not though. The interface has this nice atomic smell to it, but in the kernel it's just a...