[systemd-devel] how to debug failures when trying to lock down services
Michael Biebl
mbiebl at gmail.com
Thu Nov 30 03:27:26 UTC 2017
Hi,
today I tried to lock down the rsyslog.service that I have on my system.
For that I first created an override.conf that contained
[Service]
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ReadWritePaths=/var/log
ReadWritePaths=/var/spool/rsyslog
ReadWritePaths=/proc/kmsg
CapabilityBoundingSet=CAP_SYSLOG
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
Unfortunately, rsyslog.service failed to start:
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled;
vendor preset: enabled)
Drop-In: /etc/systemd/system/rsyslog.service.d
└─override.conf
Active: failed (Result: exit-code) since Thu 2017-11-30 04:25:03 CET; 2s ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Process: 2734 ExecStart=/usr/sbin/rsyslogd -n (code=exited, status=1/FAILURE)
Main PID: 2734 (code=exited, status=1/FAILURE)
Nov 30 04:25:03 pluto systemd[1]: rsyslog.service: Service hold-off
time over, scheduling restart.
Nov 30 04:25:03 pluto systemd[1]: rsyslog.service: Scheduled restart
job, restart counter is at 5.
Nov 30 04:25:03 pluto systemd[1]: Stopped System Logging Service.
Nov 30 04:25:03 pluto systemd[1]: rsyslog.service: Start request
repeated too quickly.
Nov 30 04:25:03 pluto systemd[1]: rsyslog.service: Failed with result
'exit-code'.
Nov 30 04:25:03 pluto systemd[1]: Failed to start System Logging Service.
The journal doesn't contain anything useful.
Any hints how I can further debug this why rsyslog fails to start?
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
More information about the systemd-devel
mailing list