[systemd-devel] BindPaths in user service?
Mantas Mikulėnas
grawity at gmail.com
Sat Feb 17 20:49:08 UTC 2018
On Sat, Feb 17, 2018, 20:42 Mirosław Zalewski <miniopl at poczta.onet.pl>
wrote:
> Hi
>
> I have a service that should run under user systemd instance. It needs
> access to directory outside of it's usual paths and does not follow
> symlinks, so I figured that `mount --bind` might be a way to go.
>
> However, I can't make BindPaths= directive work in user service file.
> It seems that directive is simply ignored. I can reproduce the issue
> using systemd-run:
>
> $ systemd-run -qt -p BindReadOnlyPaths=/run/user/1000/:/tmp/bindmount/
> /bin/ls -a /tmp/bindmount/
> . bus dconf gvfs klauncherJ21213.1.slave-socket
> ksocket-user pulse systemd
> .. dbus-1 gnupg kdeinit5__0 KSMserver__0
> kwallet5.socket rsnapshot
>
> $ systemd-run -qt --user -p
> BindReadOnlyPaths=/run/user/1000/:/tmp/bindmount/ /bin/ls -a /tmp/bindmount/
> . ..
>
>
> Is this by design? I don't see any mention of this limitation in man
> entries for systemd.mount and for systemd.exec.
>
It's not a systemd limitation. Mounting is a privileged operation in Linux
and only available to root (or processes with the correct capabilities).
Your systemd instance only has the same privileges you yourself have.
> --
Mantas Mikulėnas <grawity at gmail.com>
Sent from my phone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20180217/184e0a6b/attachment.html>
More information about the systemd-devel
mailing list