[systemd-devel] inetd/chroot
Filipe Brandenburger
filbranden at google.com
Fri Mar 9 06:25:21 UTC 2018
Hi,
On Thu, Mar 8, 2018 at 9:17 AM, Fisher, Charles J. (Top Echelon)
<Charles.Fisher at arconic.com> wrote:
> These are the units in question:
>
> # cat /etc/systemd/system/yum.socket
> [Unit]
> Description=yum proxy
>
> [Socket]
> ListenStream=5865
> Accept=yes
>
> [Install]
> WantedBy=sockets.target
>
>
> # cat /etc/systemd/system/yum@.service
> [Unit]
> Description=yum proxy
>
> [Service]
> RootDirectory=/home/fwjail
> ExecStart=-/usr/local/etc/http-gw
> StandardInput=socket
> User=nobody
> Group=nobody
>
>
> Placing the toolkit component in /home/fwjail/usr/local/etc/http-gw, and
> attempting to start the socket fails:
>
> # systemctl start yum.socket
> Job for yum.socket failed. See "systemctl status yum.socket" and
> "journalctl -xe" for details.
>
> However, if I place any file at the corresponding location *outside of the
> chroot* the service will start normally.
Yes, I could reproduce this.
It happens while systemd tries to find the SELinux label of the binary.
I pushed a PR with a fix here:
https://github.com/systemd/systemd/pull/8405
Once it's merged, you might want to ask the maintainers of your distro
to backport it...
Cheers!
Filipe
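
The following is an added example, not part of the original message and not systemd code. It checks a host for the file layout reported in this thread: a service with RootDirectory= whose ExecStart= binary exists inside the jail but not at the same path on the host. The `host_root` parameter, the result names and the temporary directory tree are assumptions constructed for the demonstration.

```python
import os
import tempfile

# Service unit from the thread above (yum@.service).
UNIT = """\
[Service]
RootDirectory=/home/fwjail
ExecStart=-/usr/local/etc/http-gw
StandardInput=socket
User=nobody
"""

def parse_service(text):
    """Return (RootDirectory, ExecStart binary) from the [Service] section."""
    root = binary = section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "RootDirectory":
                root = value
            elif key == "ExecStart" and value:
                # Drop prefix characters such as the "-" used in the thread.
                binary = value.split()[0].lstrip("-@:+!")
    return root, binary

def classify(unit_text, host_root="/"):
    """Say where the ExecStart binary exists: in the jail, on the host, or both."""
    root, binary = parse_service(unit_text)
    if not root or not binary:
        return "not-applicable"
    rel = binary.lstrip("/")
    in_jail = os.path.exists(os.path.join(host_root, root.lstrip("/"), rel))
    on_host = os.path.exists(os.path.join(host_root, rel))
    return {(True, False): "jail-only", (True, True): "both",
            (False, True): "host-only", (False, False): "missing"}[in_jail, on_host]

def demo():
    """Classify a constructed tree before and after adding a host-side file."""
    with tempfile.TemporaryDirectory() as top:
        jail_bin = os.path.join(top, "home/fwjail/usr/local/etc/http-gw")
        os.makedirs(os.path.dirname(jail_bin))
        open(jail_bin, "w").close()
        before = classify(UNIT, top)
        os.makedirs(os.path.join(top, "usr/local/etc"))
        open(os.path.join(top, "usr/local/etc/http-gw"), "w").close()
        return before, classify(UNIT, top)
```

A result of "jail-only" matches the layout for which the socket failed to start in the report; "both" matches the layout after the reporter placed a file at the same path outside the chroot.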