[systemd-devel] Behavior regarding ReadWriteDirectories= and others
Lennart Poettering
lennart at poettering.net
Thu Jul 3 07:28:45 PDT 2014
On Sun, 15.06.14 09:52, Jan Janssen (medhefgo at web.de) wrote:
> Hi,
>
> while booting this morning I noticed that a service I wrote which
> had a very paranoid
> PrivateTmp=yes
> ReadOnlyDirectories=/
> ReadWriteDirectories=/var/cache/something
> which used to work quite nicely was failing to start. It seems that
> ever since the recent changes with the addition of ProtectSystem=,
> this particular service doesn't get access to its /tmp (or /var/tmp)
> because ReadOnlyDirectories is applied recursively. Even adding /tmp
> to the ReadWriteDirectories will not fix this.
>
> I do know about ProtectSystem and ProtectHome, but I would argue
> that for a service that can handle it, a more paranoid setting like
> the above would be superior and should be available and supported.
> Is this intentionally not supported (any more)?
Fixed in git! Thanks!
Lennart
--
Lennart Poettering, Red Hat
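
An added example, not part of the original thread and not systemd code: one way to confirm the symptom reported above is to read the service's mount table (`/proc/<pid>/mountinfo`) and check which of the paths it must write to ended up read-only. The sample mount table is constructed for illustration and the function names are hypothetical.

```python
import re

# Constructed mountinfo excerpt (not captured from a real host) modelling the
# report: / is read-only, the cache directory is writable, and the private
# /tmp and /var/tmp bind mounts were caught by the recursive read-only pass.
SAMPLE_MOUNTINFO = """\
100 60 8:2 / / ro,relatime shared:1 - ext4 /dev/sda2 rw
101 100 8:2 /var/cache/something /var/cache/something rw,relatime shared:1 - ext4 /dev/sda2 rw
102 100 8:2 /tmp/systemd-private-EXAMPLE/tmp /tmp ro,relatime shared:1 - ext4 /dev/sda2 rw
103 100 8:2 /var/tmp/systemd-private-EXAMPLE/tmp /var/tmp ro,relatime shared:1 - ext4 /dev/sda2 rw
"""

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Return [(mount_point, per-mount options)] in file order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "-" not in fields:
            continue  # not a well-formed mountinfo line
        mounts.append((_unescape(fields[4]), set(fields[5].split(","))))
    return mounts

def is_read_only(mounts, path):
    """True if the mount that covers `path` carries the per-mount 'ro' flag."""
    path = path.rstrip("/") or "/"
    best_point, best_opts = "", set()
    for point, opts in mounts:
        covers = point == "/" or path == point or path.startswith(point + "/")
        # Longest mount point wins; on a tie the later entry shadows the earlier.
        if covers and len(point) >= len(best_point):
            best_point, best_opts = point, opts
    return "ro" in best_opts

def unexpected_read_only(mounts, expected_writable):
    """Paths the service needs to write to that are mounted read-only."""
    return [p for p in expected_writable if is_read_only(mounts, p)]

if __name__ == "__main__":
    table = parse_mountinfo(SAMPLE_MOUNTINFO)
    for p in unexpected_read_only(table, ["/var/cache/something", "/tmp", "/var/tmp"]):
        print("read-only but expected writable:", p)
```

On a live system, pass the contents of `/proc/<MainPID>/mountinfo` for the running service instead of the sample string.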