From: Zbigniew Jędrzejewski-Szmek Date: Wed, 22 Nov 2017 06:42:08 +0000 (+0100) Subject: Merge pull request #7381 from poettering/cgroup-unified-delegate-rework X-Git-Tag: v236~152 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ffb70e4424554403ddce087a73901a90f5747234;p=thirdparty%2Fsystemd.git Merge pull request #7381 from poettering/cgroup-unified-delegate-rework Fix delegation in the unified hierarchy + more cgroup work --- ffb70e4424554403ddce087a73901a90f5747234 diff --cc TODO index 64fe9559f7d,b18f8b5aa72..9bd68a0ab16 --- a/TODO +++ b/TODO @@@ -80,16 -83,12 +83,20 @@@ Features * maybe hook of xfs/ext4 quotactl() with services? i.e. automatically manage the quota of a the user indicated in User= via unit file settings, like the - other resource management concepts. Would mix nicely with DynamicUser=1 + other resource management concepts. Would mix nicely with DynamicUser=1. Or + alternatively, do this with projids, so that we can also cover services + running as root. Quota should probably cover all the special dirs such as + StateDirectory=, LogsDirectory=, CacheDirectory=, as well as RootDirectory= if it + is set, plus the whole disk space any image configured with RootImage=. +* Introduce "exit" as an EmergencyAction value, and allow to configure a + per-unit success/failure exit code to configure. This would be useful for + running commands inside of services inside of containers, which could then + propagate their failure state all the way up. + +* In DynamicUser= mode: before selecting a UID, use disk quota APIs on relevant + disks to see if the UID is already in use. + * add dissect_image_warn() as a wrapper around dissect_image() that prints friendly log messages for the returned errors, so that we don't have to duplicate that in nspawn, systemd-dissect and PID 1.