s-hamann

I think I have a different problem with the same underlying issue. I run Mopidy as a system service and would like to give Iris the permission to refresh the...

> Mir ist kein Weg bekannt, eine GUI Application in einem Docker Container laufen zu lassen. Es ist durchaus möglich, GUI-Anwendungen in einem Container laufen zu lassen, allerdings nicht ganz...

> So perhaps there should be an perm_acme permission flag, instead of going the subname route? Personally, I would prefer the subname/record-type route. It covers more use cases. For example,...

You are also missing the seccomp filter ``` --security-opt seccomp=unconfined ``` Docker's default seccomp filter blocks the `clone` and `unshare` syscalls (among others), which bubblewrap needs to create a new...

Yes, tests would make sense. I'll see if I can find the time.

> Alternatively, one could detect whether an argument is a path at all and apply `expand_path` accordingly. I believe, detecting paths is inherently hard. Sure, you can reliably detect URLs...

Just in case anyone else stumbles on this, here is my workaround. It first runs `openssh_cert` without a serial in check mode and only if that would change (i.e. (re-)generate)...

Since no-one seems to have mentioned this before: `tmpfs` mounts are also missing. This is quite a limitation for me, since I tend to have a few `tmpfs` mounts on...

> We hear you. Great to hear that 🙂 > 1. Would $CWD/.cache/something be better? Wouldn't that just clutter everything with `.cache` folders instead of `.ansible` folders? > 2. How...

A closely related use case would be to have a token restricted to ACME challenges only. As they are located at `_acme-challenge.`, the "and children"-bit would not help here. Maybe...