[systemd-devel] systemd-run and -p ProtectSystem=ful
Lennart Poettering
lennart at poettering.net
Mon Jul 25 17:41:32 UTC 2016
On Mon, 25.07.16 19:26, Reindl Harald (h.reindl at thelounge.net) wrote:
> just upgraded to Fedora 24
>
> /usr/bin/systemd-run -t --service-type=oneshot --quiet --nice=19
> --unit=spamfilter-fetch-samples --description=spamfilter-fetch-samples -p
> ProtectSystem=full /usr/bin/php /scripts/test.php
>
> doesn't log anything useful or return anything; calling a shell script which is
> using "systemd-run" doesn't return to the shell, while journalctl pretends it
> got executed and has finished
>
> removing "-p ProtectSystem=full" as in F23 works
>
> Jul 25 19:23:51 mail-gw.thelounge.net systemd[1]: Starting
> spamfilter-fetch-samples...
> Jul 25 19:23:51 mail-gw.thelounge.net systemd[1]: Started
> spamfilter-fetch-samples.
> Jul 25 19:24:21 mail-gw.thelounge.net systemd[1]: Starting
> spamfilter-fetch-samples...
> Jul 25 19:24:21 mail-gw.thelounge.net systemd[1]: Started
> spamfilter-fetch-samples.

This works fine here:

# /usr/bin/systemd-run -t /bin/echo hallo
Running as unit: run-r2d66d66cfd3f4386bd80ecdc057846ce.service
Press ^] three times within 1s to disconnect TTY.
hallo

# sudo /usr/bin/systemd-run -t -p ProtectSystem=full /bin/echo hallo
Running as unit: run-r0a6d313f96684ec598ee84fb483f2f48.service
Press ^] three times within 1s to disconnect TTY.
hallo

(this is current git however)

Maybe SELinux is borked for this? Does it work if you turn off SELinux
or put it in permissive mode?

Lennart
--
Lennart Poettering, Red Hat