Lines Matching refs:of

10 systemd (since version 239) supports a concept of "Portable Services".
12 two specific features of container management:
17 2. Stricter default security policies, i.e. sand-boxing of applications.
23 is put together known concepts to cover a specific set of use-cases in a
28 A portable service is ultimately just an OS tree, either inside of a directory,
36 The OS tree/image can be created with any tool of your choice. For example, you
62 root directory than the rest of the system. Hence, the intent is not to run
67 One point of differentiation: since programs running as "portable services" are
69 under Docker), but as normal processes. A corollary of that is that they aren't
71 the execution environment is mostly shared with the rest of the system.
73 The primary focus use-case of "portable services" is to extend the host system
75 of the system, though possibly restricted by security knobs. This focus
83 ## Mode of Operation
94 1. It dissects the image, checks and validates the `os-release` file of the
97 2. It copies out all unit files with a suffix of `.service`, `.socket`,
102 name of `foobar_0.7.23.raw` all unit files matching
107 are placed in `/etc/systemd/system.attached/` (which is part of the normal
108 unit file search path of PID 1, and thus loaded exactly like regular unit
114 `foobar-waldo.service` was one of the unit files copied to
117 created, containing a few lines of additional configuration:
128 the `default` profile is used, which provides a medium level of security.
145 Note that `portablectl attach` won't enable or start any of the units it copies
151 operation on the units instead of `stop` plus `start`, thus providing lower
171 of properly marked partitions following the
177 image. (The implementation will check a couple of other paths too, but it's
199 or `mkosi` generally satisfy all of the above. If you wonder what the most
201 consist of this:
219 Note that qualifying images do not have to contain an init system of their
224 If the image is writable, and some of the files or directories that are
230 straightforward to define images that can be made use of in a number of
247 image. As mentioned, `mkosi -b` takes care of all of that for you, but any
261 portable service image, and any set of units included in the image may be
271 The `--extension` parameter of `portablectl` can be used to specify as many upper
272 layers as desired. On top of the requirements listed in the previous section, the
307 `default` profile mentioned above makes use of this to ensure
313 Sometimes it makes sense to instantiate the same set of services multiple
326 The benefit of this approach is that templating works exactly the same for
332 operation. In fact all but the `trusted` profile will default to this kind of