1️⃣5️⃣ Here's the 15th post highlighting key new features of the just published v260 release of systemd. #systemd260 #systemd

Portable services are a powerful mechanism for shipping services on disk images (DDIs) and attaching them to the local system. It's a really nice way to ship isolated OS trees for services, but at the same time allow relatively close integration with the rest of the OS. (Which is quite unlike Docker-style containers, which are really about isolation, …

…and integration points with the host OS are very limited, i.e. access to *local* IPC services isn't really a thing).

So far, portable services have exclusively been a per-system thing: you could ship system-level software with this, but not user stuff that runs under some user's own identity. The reason for that was simple: mounting disk images is a privileged operation.

However, with recent systemd versions this all changed: there's now a mechanism to mount DDIs unprivileged. And with v260…

…systemd-portabled has been updated to make use of that: you can invoke portablectl --user … now to attach a service to the per-user service manager instead of the per-system one.

If the DDI in question is properly signed, this requires no authentication by default. If it isn't, you have to authenticate as super-user to allow this (polkit).

@pid_eins Where are user portable services discovered? Just the usual system directories or is there a home directory equivalent?