[systemd-devel] PrivateNetwork=true conflicts with Type=notify

Lennart Poettering lennart at poettering.net
Wed Sep 11 05:04:45 PDT 2013


On Wed, 11.09.13 13:49, Lennart Poettering (lennart at poettering.net) wrote:

> On Tue, 10.09.13 19:04, Pierre Schmitz (pierre at archlinux.de) wrote:
> 
> heya,
> 
> > when trying to disable network access to the PHP-FPM service I noticed
> > that the service was no longer able to call back to systemd using
> > Type=notify. Systemd then kills the service when reaching the timeout.
> > It seems this could be a limitation by design in which case we might
> > want to warn the user when attempting such setup.
> 
> Uh, ah. Interesting. So we could actually do something about this, but
> it would break things elsewhere...
> 
> So, the notification socket could either be an abstract namespace
> AF_UNIX socket, or an AF_UNIX socket in the file system. If it is in the
> file system, then it becomes unavailable as soon as the daemon
> chroot()s. If it is in the abstract namespace it becomes unavailable as
> soon as CLONE_NEWNET/PrivateNetworking=yes is used.
> 
> Due to the chroot() situation we changed a couple of times forth and
> back between fs/abstract in the past (most recently
> 29252e9e5bad3b0bcfc45d9bc761aee4b0ece1da).
> 
> I am not sure what is the better choice here... We could of course have
> two sockets, one in the fs and one in the abstract namespace, and then
> pass the right one to the process depending on the setting of
> PrivateNetworking=... But that would not work as soon as the daemon then
> also decides to chroot()/RootDirectory= is used...
> 
> Tricky problem... I am a bit out of ideas. Anyone?

(for now I have documented this behaviour in the man pages.)

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
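The thread turns on the two address forms an AF_UNIX notification socket can take, and on how a client such as sd_notify() tells them apart. The following is an added example, not code from this thread or from systemd: a minimal sd_notify-style sender plus a test receiver, using systemd's documented NOTIFY_SOCKET convention that a leading "@" denotes an abstract-namespace socket (encoded as a leading NUL byte in sun_path) and anything else is a path in the file system. The socket names and the demo() helper are constructed for the example; the abstract variant is Linux-only and is only reachable from the network namespace that created it, which is the PrivateNetwork= failure mode described above.

```python
import os
import socket
import tempfile


def parse_notify_socket(value: str) -> bytes:
    """Turn a NOTIFY_SOCKET value into the AF_UNIX address to send to.

    systemd convention: a leading '@' marks an abstract-namespace socket,
    which the kernel addresses by a leading NUL byte in sun_path. Anything
    else is a path in the file system, which stops resolving once the
    daemon chroot()s away from it.
    """
    if not value:
        raise ValueError("NOTIFY_SOCKET is empty")
    if value.startswith("@"):
        return b"\0" + value[1:].encode()
    return value.encode()


def is_abstract(address: bytes) -> bool:
    """True for an abstract-namespace address (NUL-prefixed sun_path)."""
    return address.startswith(b"\0")


def send_notify(notify_socket: str, state: str) -> int:
    """Minimal sd_notify(): one SOCK_DGRAM message carrying the state lines.

    Returns the number of bytes sent. Raises OSError (ECONNREFUSED/ENOENT)
    when the socket cannot be reached, e.g. a file-system socket after
    chroot() or an abstract socket from another network namespace.
    """
    addr = parse_notify_socket(notify_socket)
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        return s.sendto(state.encode(), addr)


def demo(abstract: bool = False) -> str:
    """Bind a receiver, send READY=1 to it, and return what arrived.

    abstract=False uses a constructed file-system path in a temp dir;
    abstract=True uses a constructed abstract name (Linux only).
    """
    tmpdir = None
    if abstract:
        notify_socket = "@demo-notify-%d" % os.getpid()   # constructed name
    else:
        tmpdir = tempfile.mkdtemp()
        notify_socket = os.path.join(tmpdir, "notify")   # constructed path
    addr = parse_notify_socket(notify_socket)
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as recv:
            recv.bind(addr)
            recv.settimeout(2)
            send_notify(notify_socket, "READY=1\n")
            data, _ = recv.recvfrom(4096)
    finally:
        if tmpdir is not None:
            if os.path.exists(notify_socket):
                os.unlink(notify_socket)
            os.rmdir(tmpdir)
    return data.decode()


if __name__ == "__main__":
    print("file-system socket:", repr(demo()))
    try:
        print("abstract socket:", repr(demo(abstract=True)))
    except OSError as e:
        print("abstract socket unavailable on this platform:", e)
```

The sender does exactly what a Type=notify service does: it sends a datagram to whatever NOTIFY_SOCKET names. Whether that datagram can be delivered depends only on which of the two address kinds the manager chose and on which namespaces the service has entered since, which is why neither form alone covers both RootDirectory= and PrivateNetwork=.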