LOL+ I had to major breakthroughs on this:
1. I found the right way in d/rules to get the .mount unit started
2. I had a great discussion about "the other POV" on this [1] and I must say that I agree.
As much as this can be a comfort function it can also be
a) less reasons to finally restart into upgraded code
b) leave security vulnerable code around
For that I think we really want to make this available, but also NOT enabled by default.
As an opt-in that makes sense.
Current plan - I'll prep changes along this one here that does:
- install the .mount but NOT start/enable it (the admin has to opt in)
The admin also can pick any other way he prefers to make /run/qemu not have noexec
- define a /etc/.. place to enable this feature, and otherwise have the postrm not even
copy the old bits.
LOL+ I had to major breakthroughs on this:
1. I found the right way in d/rules to get the .mount unit started
2. I had a great discussion about "the other POV" on this [1] and I must say that I agree.
As much as this can be a comfort function it can also be
a) less reasons to finally restart into upgraded code
b) leave security vulnerable code around
For that I think we really want to make this available, but also NOT enabled by default.
As an opt-in that makes sense.
Current plan - I'll prep changes along this one here that does:
- install the .mount but NOT start/enable it (the admin has to opt in)
The admin also can pick any other way he prefers to make /run/qemu not have noexec
- define a /etc/.. place to enable this feature, and otherwise have the postrm not even
copy the old bits.
[1]: