[bug#31894] Containerize openntpd service


From: Ludovic Courtès
Subject: [bug#31894] Containerize openntpd service
Date: Tue, 26 Jun 2018 15:48:34 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Efraim Flashner <address@hidden> skribis:

> On Fri, Jun 22, 2018 at 09:39:01PM +0200, Ludovic Courtès wrote:

[...]

>> One thing though: could you make sure containerization isn’t redundant
>> with what OpenNTPD already does?  Namely, could you grep the source for
>> calls to “chroot”, “unshare”, or “seccomp”?  If it happens to be already
>> doing one of these things, it may be that using a container brings
>> little or nothing.
>> 
>> If it’s OK, please push!
>
> From grepping the source:
>
> ./INSTALL-OpenNTPD always uses Privilege Separation (ie the majority of the
> ./INSTALL:processing is done as a chroot'ed, unprivileged user).
>
> The code also supports the assertion.
>
> it defaults to /var/empty, unless the --with-privsep-path=path flag is
> set, so it looks like my patch is unnecessary after all. :)

Heh, alright.  Perhaps you’ll find another candidate for
containerization.  ;-)

Thanks,
Ludo’.
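The check Ludovic asks for above (grep the source for chroot/unshare/seccomp before deciding a container adds anything) is easy to automate, and it is worth pairing with a runtime check of what the kernel actually reports for the running daemon. The script below is an added example and is not part of this thread, of Guix, or of OpenNTPD: it scans a source tree for sandboxing primitives and then reads /proc/<pid>/status, /proc/<pid>/root and the namespace links to report the effective uid, the chroot, and whether the process still shares mount/user/pid namespaces with PID 1 (the part a Guix container would change). The primitive list, the function names and the demo's source file and fake procfs tree are all constructed for the example; they are not OpenNTPD's code.

```python
"""Added example: is a daemon already confined before we containerize it?

Two checks: a static grep of the source for privilege-dropping primitives,
and a runtime read of procfs for an already running process.  Everything
below (names, regex list, sample data) is an assumption for illustration."""
import os
import re
from pathlib import Path

# Primitives that indicate the daemon drops privilege or confines itself.
# The list is an assumption; extend it for the platform you audit.
SANDBOX_CALLS = {
    "chroot": r"\bchroot\s*\(",
    "unshare": r"\bunshare\s*\(",
    "seccomp": r"\b(seccomp_|prctl\s*\(\s*PR_SET_SECCOMP)",
    "pledge": r"\bpledge\s*\(",
    "unveil": r"\bunveil\s*\(",
    "setuid": r"\bset(res)?(u|g)id\s*\(",
}
SOURCE_SUFFIXES = {".c", ".h", ".cc", ".cpp"}


def scan_tree(root):
    """Return {primitive: [(relpath, lineno, stripped_line), ...]} for every
    source file under root.  Comments are not stripped, so a hit is a lead to
    read, not proof (the thread's hit in INSTALL was exactly that)."""
    root = Path(root)
    hits = {name: [] for name in SANDBOX_CALLS}
    patterns = {name: re.compile(rx) for name, rx in SANDBOX_CALLS.items()}
    for path in sorted(root.rglob("*")):
        if path.suffix not in SOURCE_SUFFIXES or not path.is_file():
            continue
        with path.open(encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                for name, rx in patterns.items():
                    if rx.search(line):
                        hits[name].append((str(path.relative_to(root)), lineno, line.strip()))
    return hits


def already_confined(hits):
    """True if the source shows filesystem, namespace or syscall confinement
    (a plain setuid drop alone is not counted as confinement)."""
    return any(hits[k] for k in ("chroot", "unshare", "seccomp", "pledge", "unveil"))


def runtime_status(pid, procfs="/proc"):
    """What the kernel says about a running process: effective uid, root
    directory, and whether each namespace is the same object as PID 1's.
    procfs is a parameter so the function can read a constructed tree offline."""
    base = Path(procfs) / str(pid)
    uid_line = next(l for l in (base / "status").read_text().splitlines() if l.startswith("Uid:"))
    real_uid, effective_uid = (int(x) for x in uid_line.split()[1:3])
    root = os.readlink(base / "root")          # "/" unless the process is chrooted
    shared = {}
    for name in ("mnt", "user", "pid"):
        link, init = base / "ns" / name, Path(procfs) / "1" / "ns" / name
        if link.is_symlink() and init.is_symlink():
            shared[name] = os.readlink(link) == os.readlink(init)  # True => same namespace as init
    return {"uid": effective_uid, "root": root, "chrooted": root != "/",
            "shares_ns_with_init": shared}


def demo():
    """Run both checks on a constructed source tree and a fake procfs.
    The C snippet and procfs entries are invented for this example."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        (src / "ntpd").mkdir(parents=True)
        (src / "ntpd" / "ntp.c").write_text(
            '#include <unistd.h>\n'
            'int drop_priv(const char *dir) {\n'
            '    if (chroot(dir) == -1 || chdir("/") == -1) return -1;\n'
            '    return setresuid(pw_uid, pw_uid, pw_uid);\n'
            '}\n')
        (src / "README").write_text("chroot is mentioned here, but README is not source\n")
        hits = scan_tree(src)

        # Fake procfs: PID 1 unconfined, PID 4242 the privsep child (uid 997,
        # chrooted to /var/empty, same namespaces as init, i.e. no container).
        proc = Path(tmp) / "proc"
        for pid, uid, root in ((1, 0, "/"), (4242, 997, "/var/empty")):
            ns_dir = proc / str(pid) / "ns"
            ns_dir.mkdir(parents=True)
            (proc / str(pid) / "status").write_text(f"Name:\tntpd\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n")
            os.symlink(root, proc / str(pid) / "root")
            for name in ("mnt", "user", "pid"):
                os.symlink(f"{name}:[4026531840]", ns_dir / name)
        status = runtime_status(4242, procfs=proc)
    return hits, status


if __name__ == "__main__":
    hits, status = demo()
    print("confined by its own code:", already_confined(hits))
    print("runtime:", status)
```

On a real host, run scan_tree against the unpacked source and runtime_status against the privsep child's PID (procfs left at the default). If the child already shows a non-root uid and a root other than "/", the static and runtime evidence agree with what the thread found; the shares_ns_with_init entries are then the only thing a container would change, which is the concrete answer to "does containerization add anything here".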
