- Desktop
- Enterprise
- Gaming
- Graphics
- Hardware
- Linux Kernel
- Multimedia
- Operating Systems
- Programming
- System Internals
- All Projects
- Latest News
- fate/iamf: add a demux text
- pg_combinebackup: Add --version to --help output
- PostgreSQL: Support SSL_R_VERSION_TOO_LOW when using LibreSSL
- avcodec/mediacodecenc: Add global header support
- tdf#159660: also add normal blend filter
- Linux Kernel: Linux 6.9-rc5
- WINE: Release 9.7.
- Sync psm/evdev/atkbd with FreeBSD
- Latest News (cont.)
- lavfi: Add pad_vaapi filter
- lavfi: Add drawbox_vaapi filter
- Linux Kernel: Linux 6.9-rc4
- Embind: support .implement()-based JS UNO objects
- tdf#33603: sd: rework notes panel
- xwayland: Add SourceValidate hook
- UPower: Release 1.90.4
- timezone: sync to TZDB 2024a
- Linux Kernel: Linux 6.9-rc3
- Optimize pg_popcount() with AVX-512 instructions
- Enhance nbtree ScalarArrayOp execution
Featured content is also available via:
cgroup: support prefix "-" in cgroups whitelisting entries (#4687)
System Internals / systemd - Dongsu Park [endocode.com] - 29 November 2016 13:16 UTC
So far systemd-nspawn container has been creating files under /run/systemd/inaccessible, no matter whether it's running in user namespace or not. That's fine for regular files, dirs, socks, fifos. However, it's not for block and character devices, because kernel doesn't allow them to be created under user namespace. It results in warnings at booting like that:
Couldn't stat device /run/systemd/inaccessible/chr Couldn't stat device /run/systemd/inaccessible/blk
Thus we need to have the cgroups whitelisting handler to silently ignore a file, when the device path is prefixed with "-". That's exactly the same convention used in directives like ReadOnlyPaths=. Also insert the prefix "-" to inaccessible entries.
e7330df cgroup: support prefix "-" in cgroups whitelisting entries (#4687)
src/core/cgroup.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
Upstream: github.com
Related systemd Activity
- hwdb: Endless ELT-NL3 accelerometer support
Daniel Drake - core, job: fix breakage of ordering dependencies by systemctl reload command
HATAYAMA Daisuke - machined: split out machine registration stuff from logind
Lennart Poettering - systemctl: refuse to edit runtime dropins when they already exist in /etc
Zbigniew Jędrzejewski-Szmek
Share
- Tweet
Recent systemd Activity
- hwdb: add Medion Akoya E2228T MD61900 (#18317)
corvusnix - varlink: make 'userdata' pointer inheritance from varlink server to connection optional
Lennart Poettering - udev: use DEFINE_MAIN_FUNCTION in cdrom_id
Dan Streetman - network: add support to RoutingPolicyRule lookup table name
Susant Sahani - resolved: fix use-after-free with queries hitting the cache
Zbigniew Jędrzejewski-Szmek