Announcement

Collapse
No announcement yet.

How To Use Systemd For Application Sandboxing & How To Easily Crash Systemd

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How To Use Systemd For Application Sandboxing & How To Easily Crash Systemd

    Phoronix: How To Use Systemd For Application Sandboxing & How To Easily Crash Systemd

    Another one of the interesting systemd.conf 2016 presentations in Berlin was a talk by Djalal Harouni of EndoCode for using systemd to carry out application sandboxing...

    http://www.phoronix.com/scan.php?pag...App-Sandboxing

  • #2
    David Strauss has written a pretty good response to the "in one tweet" blog:

    https://medium.com/@davidtstrauss/ho...61d#.g9jb451d9

    Comment


    • #3
      you can't crash systemd that way, asserts are disabled in production code

      Comment


      • #4
        back to reality https://medium.com/@davidtstrauss/ho...t-c2ccaa58661d

        Comment


        • #5
          I had fun with systemd sandboxing a while back : https://forums.gentoo.org/viewtopic-t-1042754.html and : http://tvheadend.org/boards/4/topics/20621
          I'm using it in production on my home server now.

          S.

          Comment


          • #6
            Originally posted by Serafean View Post
            I had fun with systemd sandboxing a while back : https://forums.gentoo.org/viewtopic-t-1042754.html and : http://tvheadend.org/boards/4/topics/20621
            I'm using it in production on my home server now.

            S.
            Why would you give nginx write access to its data directory?

            Comment


            • #7
              Originally posted by lkundrak View Post
              David Strauss has written a pretty good response to the "in one tweet" blog:

              https://medium.com/@davidtstrauss/ho...61d#.g9jb451d9
              And of course moronix didn't include this in the article.

              Comment


              • #8
                Originally posted by Pawlerson View Post

                And of course moronix didn't include this in the article.
                I don't know about anyone else, but I generally try to ignore people who use petty insults to voice their opinions

                Comment


                • #9
                  Originally posted by lkundrak View Post
                  David Strauss has written a pretty good response to the "in one tweet" blog:

                  https://medium.com/@davidtstrauss/ho...61d#.g9jb451d9
                  I like that he gave the whole blog a good look, but what I didn't like (which for some reason applies to most systemd defenders) is that he calls "missing the bigger picture" "throwing a tantrum". He even admits that valid points were brought up (which is admirable to do for something he supports that much) but he still tries to make the author look childish and discredit him instead of just correcting him!

                  Comment


                  • #10
                    ...this is exactly the kind of thing I, and a few million others, foresaw when systemd first appeared. Ahem. Trying hard to suppress a told-you-so.

                    Comment

                    Working...
                    X