[systemd-devel] systemd-216 breaks combined ReadOnlyDirectories / ReadWriteDirectories
Reindl Harald
h.reindl at thelounge.net
Wed Feb 25 03:37:40 PST 2015
On 28.01.2015 at 02:48, Lennart Poettering wrote:
> On Tue, 20.01.15 13:48, Reindl Harald (h.reindl at thelounge.net) wrote:
>
>> after upgrade to Fedora 21 with new systemd namespaces like below no longer
>> work, which breaks *all my systemd-units*
>>
>> why?
>>
>> ReadOnlyDirectories=/var/lib
>> ReadWriteDirectories=/var/lib/mysql
>
> I cannot reproduce this issue with systemd upstream. This appears to
> work fine. Any chance you can try to reproduce this with current
> upstream?
>
> Do you have any other namespace-related settings in the unit file that
> trigger this? Like ProtectSystem= or so? Can you paste the entire
> unit file?

here is a sample unit and some tests:
https://bugzilla.redhat.com/show_bug.cgi?id=1184016#c29

systemd-213-4.fc21 was the last build without that issue

see sample below, /var/lib/test/subfolder is owned by the user

in general I try to use as many features as possible to restrict
services to their absolute minimum need
_________________________________________________________________
[root@rawhide ~]# cat /etc/systemd/system/test.service
[Unit]
Description=Test-Service
[Service]
Type=oneshot
User=nobody
Group=nobody
#PermissionsStartOnly=true
#ExecStartPre=/usr/bin/touch /var/lib/test/subfolder/test.txt
ExecStart=/usr/bin/touch /var/lib/test/subfolder/test.txt
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib/test
ReadWriteDirectories=/var/lib/test/subfolder
_________________________________________________________________
[root@rawhide ~]# stat /var/lib/test/
File: '/var/lib/test/'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 811h/2065d Inode: 130889 Links: 3
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-02-23 16:41:32.523299826 +0100
Modify: 2015-02-23 16:41:38.617223191 +0100
Change: 2015-02-24 16:17:18.969601190 +0100
Birth: -
[root@rawhide ~]# stat /var/lib/test/subfolder
File: '/var/lib/test/subfolder'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 811h/2065d Inode: 130912 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 99/ nobody) Gid: ( 99/ nobody)
Access: 2015-02-24 16:17:19.021782540 +0100
Modify: 2015-02-24 15:01:51.760650707 +0100
Change: 2015-02-24 16:17:19.021782540 +0100
Birth: -
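
Added example (not part of the message above and not systemd code): a small audit that parses a unit file and lists every ReadWriteDirectories= path nested below a ReadOnlyDirectories= path, the combination this thread reports as regressed, so such units can be re-tested after a systemd upgrade. The function names and the sample unit are constructed for illustration, and paths are assumed to be unquoted.

```python
import posixpath

RO_KEY, RW_KEY = "ReadOnlyDirectories", "ReadWriteDirectories"

def parse_dirs(unit_text):
    """Collect the RO and RW path lists from the [Service] section of a unit file."""
    dirs = {RO_KEY: [], RW_KEY: []}
    section = None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in dirs:
            continue
        if not value:                            # empty assignment resets the list
            dirs[key] = []
            continue
        for path in value.split():               # several paths may share one line
            # A leading "-" means "ignore if the path does not exist"; strip it.
            dirs[key].append(posixpath.normpath(path.lstrip("-")))
    return dirs

def nested_rw(unit_text):
    """Return (ro, rw) pairs where a writable path lies strictly below a read-only one."""
    dirs = parse_dirs(unit_text)
    return [(ro, rw) for rw in dirs[RW_KEY] for ro in dirs[RO_KEY]
            if rw != ro and rw.startswith(ro.rstrip("/") + "/")]

# Constructed sample, modelled on the test.service in the message above.
SAMPLE = """\
[Unit]
[Service]
ExecStart=/usr/bin/touch /var/lib/test/subfolder/test.txt
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr /var/lib/test
ReadWriteDirectories=/var/lib/test/subfolder
"""

if __name__ == "__main__":
    for ro, rw in nested_rw(SAMPLE):
        print(f"re-test after upgrade: {rw} is writable inside read-only {ro}")
```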