Re: [systemd-devel] systemd-216 breaks combined ReadOnlyDirectories / ReadWriteDirectories

Wed, 25 Feb 2015 03:38:09 -0800 


Am 28.01.2015 um 02:48 schrieb Lennart Poettering:

On Tue, 20.01.15 13:48, Reindl Harald ([email protected]) wrote:


after upgrade to Fedora 21 with new systemd namespaces like below no longer
works which breaks *all my systemd-units*

why?

ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/var/lib/mysql


I cannot reproduce this issue with systemd upstream. This appears to
work fine. Any chance you can try to reproduce this with current
upstream?

Do you have any other namespace-related settings in the unit file that
triggers this? Like ProtectSystem= or so? Can you paste the entire
unit file?


here is a sample unit and some tests
https://bugzilla.redhat.com/show_bug.cgi?id=1184016#c29

systemd-213-4.fc21 was the last build without that issue
see sample below, /var/lib/test/subfolder is owned by the user


in general i try to use as much as possible features to restrict 
services to their absolute minimum need

_________________________________________________________________

[root@rawhide ~]# cat /etc/systemd/system/test.service
[Unit]
Description=Test-Service

[Service]
Type=oneshot
User=nobody
Group=nobody
#PermissionsStartOnly=true
#ExecStartPre=/usr/bin/touch /var/lib/test/subfolder/test.txt
ExecStart=/usr/bin/touch /var/lib/test/subfolder/test.txt

ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib/test
ReadWriteDirectories=/var/lib/test/subfolder
_________________________________________________________________

[root@rawhide ~]# stat /var/lib/test/
  File: '/var/lib/test/'
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 811h/2065d      Inode: 130889      Links: 3
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2015-02-23 16:41:32.523299826 +0100
Modify: 2015-02-23 16:41:38.617223191 +0100
Change: 2015-02-24 16:17:18.969601190 +0100
 Birth: -

[root@rawhide ~]# stat /var/lib/test/subfolder
  File: '/var/lib/test/subfolder'
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 811h/2065d      Inode: 130912      Links: 2
Access: (0755/drwxr-xr-x)  Uid: (   99/  nobody)   Gid: (   99/  nobody)
Access: 2015-02-24 16:17:19.021782540 +0100
Modify: 2015-02-24 15:01:51.760650707 +0100
Change: 2015-02-24 16:17:19.021782540 +0100
 Birth: -





Attachment:
signature.asc

Description: OpenPGP digital signature


_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel






















					Reply via email to