[systemd-devel] [PATCH] units: add ConditionPathIsReadWrite for systemd-random-seed.service
Jonathan Liu
net147 at gmail.com
Thu Apr 10 16:02:15 PDT 2014
On 11/04/2014 7:10 AM, Lennart Poettering wrote:
> On Thu, 10.04.14 14:00, Jonathan Liu (net147 at gmail.com) wrote:
>
>> ---
>> units/systemd-random-seed.service.in | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in
>> index 1879b2f..cbe000c 100644
>> --- a/units/systemd-random-seed.service.in
>> +++ b/units/systemd-random-seed.service.in
>> @@ -13,6 +13,7 @@ RequiresMountsFor=@RANDOM_SEED@
>> Conflicts=shutdown.target
>> After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-remount-fs.service
>> Before=sysinit.target shutdown.target
>> +ConditionPathIsReadWrite=@RANDOM_SEED_DIR@
>>
>> [Service]
>> Type=oneshot
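Review bot: The added `ConditionPathIsReadWrite=@RANDOM_SEED_DIR@` line in the [Unit] section changes the failure mode without saying so. When a condition is not met, systemd skips the unit and does not mark it failed, so on a read-only seed directory the seed is neither loaded nor saved and nothing shows up as a failed unit. The patch also has no commit message body, so the motivating case and the accepted trade-off are not recorded. Please either drop the condition so the service keeps failing visibly, or state in the commit message why skipping is preferred and how an administrator is expected to notice that no seed was loaded or saved.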
> What's the rationale here? I'd argue that the random seed service
> *should* fail if /var is not writable. So what's the logic behind wanting
> to conditionalize this?
>
> Lennart
>
The service was failing when booting off a read-only root filesystem.
It does seem better from a security perspective for the service to fail.
If someone really wants to skip loading/saving the random seed they can
remove it from sysinit.target.wants.
Regards,
Jonathan