uwsgi systemd config (Type=notify)

Boris Rybalkin ribalkin at gmail.com
Tue Nov 29 16:58:58 UTC 2016


Stuart,

Thanks for the update, I will test soon, just setting up a build on our build
server.

What about these settings, are they supported in some form?

KillSignal=SIGQUIT
StandardError=syslog
NotifyAccess=all

Also, does snapd currently validate that a snap does not have something like
this:
command: /usr/bin/foo

I guess my concern is coming from the need to convert systemd to another
format as it will probably grow into some kind of subset of systemd config.
I thought snapd would parse the native systemd file format and do the same
validation instead.

Thanks.


On Tue, Nov 29, 2016 at 11:36 AM, Stuart Bishop <stuart.bishop at canonical.com> wrote:

>
>
> On 22 November 2016 at 16:41, Boris Rybalkin <ribalkin at gmail.com> wrote:
>
>> Done: https://bugs.launchpad.net/snappy/+bug/1643816
>>
>> I am not sure why snapd tries to have another layer of daemon
>> configuration on top of systemd and not plain systemd template with snap
>> variables.
>>
> If a snap has too much control over the systemd service file that gets
> created, it could use this to escape containment and gain root on the box.
> snapd needs to ensure that the only programs that get launched are
> contained in the snap, and block other issues like killing arbitrary
> processes by pointing to someone else's pid file or overwriting arbitrary
> files by logging somewhere it shouldn't.
>
>
>
> --
> Stuart Bishop <stuart.bishop at canonical.com>
>


-- 
Boris Rybalkin
ribalkin at gmail.com
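
The containment concern in the quoted reply above, as an added example that is not part of the original thread and is not snapd's code: a default-deny check over a service section that rejects unlisted directives and any executable or pid-file path that leaves the snap. The allowlist, the `/snap/demo/current` root and the sample unit are constructed assumptions and say nothing about which directives snapd supports.

```python
import posixpath

# Hypothetical policy for illustration; not the directives snapd accepts.
ALLOWED = {"Type", "ExecStart", "ExecStop", "PIDFile", "KillSignal", "NotifyAccess"}
PATH_KEYS = {"ExecStart", "ExecStop", "PIDFile"}

# Constructed sample unit; /snap/demo/current is an assumed snap mount point.
SAMPLE_UNIT = """\
[Service]
Type=notify
ExecStart=/snap/demo/current/bin/uwsgi --ini /snap/demo/current/uwsgi.ini
ExecStop=/snap/demo/current/../../../usr/bin/foo
PIDFile=/run/sshd.pid
KillSignal=SIGQUIT
NotifyAccess=all
User=root
"""

def inside(path, root):
    """True if path stays under root after '..' is collapsed (lexical; no symlink resolution)."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) and norm.startswith(root.rstrip("/") + "/")

def check_service(unit_text, snap_root):
    """Return (line_no, reason) for each [Service] line that breaks the policy."""
    findings, section = [], None
    for no, raw in enumerate(unit_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key not in ALLOWED:
            findings.append((no, f"{key}: directive not on allowlist"))
        elif key in PATH_KEYS:
            # systemd permits prefix characters such as '-' or '@' before the path
            parts = value.lstrip("-@+!:").split()
            target = parts[0] if parts else ""
            if not inside(target, snap_root):
                findings.append((no, f"{key}: {target or '(empty)'} is outside {snap_root}"))
    return findings

if __name__ == "__main__":
    for no, reason in check_service(SAMPLE_UNIT, "/snap/demo/current"):
        print(f"line {no}: {reason}")
```
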