<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Sep 7, 2015 at 12:45 PM, Ingvar Hagelund <span dir="ltr"><<a href="mailto:ingvar@redpill-linpro.com" target="_blank">ingvar@redpill-linpro.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">Den 04. sep. 2015 16:29, skrev Ingvar Hagelund:<br>
> Den 04. sep. 2015 01:31, skrev Federico Schwindt:<br>
>> Hi,<br>
>><br>
>> Why not reusing VARNISH_USER and introduce VARNISH_CCGROUP instead of<br>
>> adding VARNISH_JAIL?<br>
><br>
</span>> Because it doesn't work with systemd (...)<br>
<br>
With a little help from Daniel Parthey, I've made a new service/params<br>
set that looks more like the old config:<br>
<br>
<a href="http://users.linpro.no/ingvar/varnish/4.1.0-tp1/varnish.params" rel="noreferrer" target="_blank">http://users.linpro.no/ingvar/varnish/4.1.0-tp1/varnish.params</a><br>
<a href="http://users.linpro.no/ingvar/varnish/4.1.0-tp1/varnish.service" rel="noreferrer" target="_blank">http://users.linpro.no/ingvar/varnish/4.1.0-tp1/varnish.service</a><br></blockquote><div><br></div><div>I was just going to suggest that. Glad to know it works :)<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
For easier upgrade path for users from earlier releases, perhaps we<br>
should just skip VARNISH_CCGROUP, as it's very unlikely that anyone will<br>
ever use it, or reuse the old VARNISH_GROUP?<br></blockquote><div><br>I think we should keep it should anyone want to change it. <br>IIRC in the past there were people having to add varnish to a particular group in order to access the compiler, because C compilers are bad unlike the other 200 ways to run random code in a server. Thanks infosec!<br><br></div><div>f.-<br></div></div></div></div>