systemd: use PrivateUsers= in user unit

MusicPlayerDaemon / mpdscribble

a MPD client which submits information about tracks being played to a scrobbler (e.g. last.fm)

GNU General Public License v2.0

114 stars 15 forks source link

systemd: use PrivateUsers= in user unit #49

Closed bluca closed 1 year ago

bluca commented 1 year ago

ProtectSystem= and other sandboxing options require a user namespace in order to work as user units (the user manager does not run as root and thus without a user namespace it is unable to perform mounts).

We are looking to enable this implicitly. Very few user units use these options, so want to make sure it is intentional and won't cause regressions. The alternative is to remove ProtectSystem=.

bluca commented 1 year ago

@MaxKellermann thank you! Could you please have a quick look at https://github.com/MusicPlayerDaemon/MPD/pull/1661 too?

MaxKellermann commented 1 year ago

Will do, sorry for the delay, dayjob is killing all of my daytime (and nighttime) currently.