https://bugzilla.novell.com/show_bug.cgi?id=828207
https://bugzilla.novell.com/show_bug.cgi?id=828207#c8
--- Comment #8 from Frederic Crozat
I discussed with Sebastian the day before yesterday. He said that there are functions in code that are not in org.freedesktop.machine1.conf. Could you possibly comment on that, please? 'KillMachine' and 'CreateMachine' are for example not included.
This is wanted (I've checked with upstream). They are supposed to be only used by root, therefore, aren't added in the dbus policy, to ensure nobody else can call them.
2) Can you provide a test setup with the new features set up?
I can try to work on that (I basically need to install a system and inside that system, install a chroot system (or application) to use systemd-nspawn to demonstrate machined usage).
Considering that this sounds very complex, I think a review makes even more sense. But again, no worries, I will try to be as fast as I can of course.
Well, it was much easier than expected (thanks to coolo for helping me quickly set up a chroot) ;)
(In reply to comment #6)
One additional question: 'KillMachine's job apparently is to kill processes (unix processes) (vms). Is this correct?
Yes, KillMachine will cause systemd to kill the scope of the machine, i.e. either killing its main PID or control PID (or all PIDs, depending on the configuration) or removing the cgroup for this scope, causing all processes in it to be terminated.
Can this result in an issue? I'm thinking of a malicious user (operating locally) who kills virtual machines of other users on the same system. Or, even killing a process that is not a vm at all.
That's why KillMachine is restricted to root. Nobody else can call it.
(In reply to comment #7)
Will there possibly be files created in 'RootDirectory' (member of Machine objects) upon CreateMachine()?
CreateMachine itself doesn't write anything in RootDirectory, it will only set up the needed cgroup for the container and use root_directory as "chroot".
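Added example, not part of the bug comment and not systemd's or the package's own code: a reviewer's check that a D-Bus policy file leaves the methods named in the thread (KillMachine, CreateMachine) uncallable from the default, non-root context. The policy text is a constructed sample rather than the shipped org.freedesktop.machine1.conf, and the evaluation is simplified to "last matching rule within one `<policy>` block wins, no match means deny"; `ROOT_ONLY`, `allowed` and `exposed_root_only` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy in D-Bus bus-policy syntax; NOT the shipped
# org.freedesktop.machine1.conf. Only the root-only method names come
# from the thread.
SAMPLE_POLICY = """
<busconfig>
  <policy user="root">
    <allow own="org.freedesktop.machine1"/>
    <allow send_destination="org.freedesktop.machine1"/>
  </policy>
  <policy context="default">
    <deny send_destination="org.freedesktop.machine1"/>
    <allow send_destination="org.freedesktop.machine1"
           send_interface="org.freedesktop.machine1.Manager"
           send_member="ListMachines"/>
  </policy>
</busconfig>
"""

DEST = "org.freedesktop.machine1"
IFACE = "org.freedesktop.machine1.Manager"
ROOT_ONLY = ("KillMachine", "CreateMachine")  # named in the thread as root-only


def rule_matches(rule, member):
    """True if every send_* attribute on the rule matches this method call."""
    wanted = {"send_destination": DEST, "send_interface": IFACE,
              "send_member": member}
    sends = {k: v for k, v in rule.attrib.items() if k.startswith("send_")}
    return bool(sends) and all(wanted.get(k) == v for k, v in sends.items())


def allowed(policy_xml, member, selector):
    """Last matching rule in the selected <policy> wins; no match means deny
    (assumption: the bus-wide default denies method calls)."""
    verdict = False
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if policy.attrib != selector:
            continue
        for rule in policy:
            if rule.tag in ("allow", "deny") and rule_matches(rule, member):
                verdict = rule.tag == "allow"
    return verdict


def exposed_root_only(policy_xml):
    """Root-only methods that the default (non-root) context could call."""
    return [m for m in ROOT_ONLY
            if allowed(policy_xml, m, {"context": "default"})]
```

An empty list from `exposed_root_only` means the policy matches the intent described in the comment; any returned name is a method that a later policy edit has opened to non-root callers.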