[systemd-devel] BindPaths in user service?

Mantas Mikulėnas grawity at gmail.com
Sat Feb 17 20:49:08 UTC 2018

On Sat, Feb 17, 2018, 20:42 Mirosław Zalewski <miniopl at poczta.onet.pl>

> Hi
> I have a service that should run under user systemd instance. It needs
> access to directory outside of it's usual paths and does not follow
> symlinks, so I figured that `mount --bind` might be a way to go.
> However, I can't make BindPaths= directive work in user service file.
> It seems that directive is simply ignored. I can reproduce the issue
> using systemd-run:
> $ systemd-run -qt -p BindReadOnlyPaths=/run/user/1000/:/tmp/bindmount/
> /bin/ls -a /tmp/bindmount/
> .   bus     dconf  gvfs         klauncherJ21213.1.slave-socket
> ksocket-user    pulse      systemd
> ..  dbus-1  gnupg  kdeinit5__0  KSMserver__0
> kwallet5.socket  rsnapshot
> $ systemd-run -qt --user -p
> BindReadOnlyPaths=/run/user/1000/:/tmp/bindmount/ /bin/ls -a /tmp/bindmount/
> .  ..
> Is this by design? I don't see any mention of this limitation in man
> entries for systemd.mount and for systemd.exec.

It's not a systemd limitation. Mounting is a privileged operation in Linux
and only available to root (or processes with the correct capabilities).
Your systemd instance only has the same privileges you yourself have.

> --

Mantas Mikulėnas <grawity at gmail.com>
Sent from my phone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20180217/184e0a6b/attachment.html>

More information about the systemd-devel mailing list