systemd: remove options unsupported in user daemon #50
Conversation
Many unit options are documented to not work in the user daemons, usually with the following note in the systemd.exec(5) man page: > This option is only available for system services and is not supported > for services running in per-user instances of the service manager. In some circumstances these settings work where user namespaces are supported (by setting the `PrivateUser` option). However users namespaces are disabled on most distributions. This changeset pares the options to those supported in user daemons to allow for ease of use for users. Fixes: FiloSottile#49
|
Hi! I would say user namespaces are enabled on most modern distribution these days but since it has already been a source of trouble (#41) it might be easier for everyone if those options are removed. Downstream packagers can still add them back. |
|
If we decide to move forward with this, I'm happy to reword the commit message to better reflect the problem (older systemd versions). |
|
Sad, but it sounds like the systemd ecosystem was not built to enable upstreams to sandbox our applications effectively. Merging, thank you. |
Hm, I wouldn't think this is per se true - it just seems older versions contain a bug, causing failures when some sandboxing options are requested, but user namespaces disabled. |
Many unit options are documented to not work in the user daemons,
usually with the following note in the systemd.exec(5) man page:
In some circumstances these settings work where user namespaces are
supported (by setting the
PrivateUseroption). However usersnamespaces are disabled on most distributions.
This changeset pares the options to those supported in user daemons to
allow for ease of use for users.
Fixes: #49
CC: @flokli @LeSuisse @mdlayher as previous contributors to the systemd unit.