[systemd-devel] Antw: Re: Arbitrary restrictions (e.g. for RuntimeDirectory)
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Mon May 13 05:54:37 UTC 2019
>>> Andrei Borzenkov <arvidjaar at gmail.com> wrote on 09.05.2019 at 16:54 in
message <399aa684-a6bf-af19-dd09-bd670ec60acf at gmail.com>:
> 09.05.2019 13:22, Ulrich Windl wrote:
>> Hi!
>>
>> I had to subscribe to this list, even though I'm no systemd fan. Still I'll
>> have to deal with it as the distribution we use switched to systemd...
>>
>> I'm porting my LSB code to systemd, and I'm having some trouble. Cause of
>> the trouble (and possible reason for systemd's unpopularity) seems to be
>> rather arbitrary restrictions without reasoning (which is completely against
>> the GNU spirit of seeking for limitless software).
>>
>> To be concrete: Why isn't it allowed to use an absolute path for
>> RuntimeDirectory,
>
> Wild guess - RuntimeDirectory is about security and permitting arbitrary
> path here rather contradicts this goal.
So root can run any program, but the PID of it may not be stored in a
subdirectory for security reasons???
>
>> and why isn't even a relative path allowed? In my case I have a
>> multi-instance daemon, where the instances can be zero to many. To avoid
>> namespace conflicts, I created a /var/run/<my_pkg> directory
>
> systemd does it for you.
That's irrelevant, because you are not allowed to use the directory, whoever
creates it.
>
>> where all the instances put their stuff (in separate directories each)
>>
>> Trying "RuntimeDirectory=<my_pkg>/%i" inside <my_pkg>@.service isn't "accepted".
>> Still the instances start, can be checked and stopped, but there is a message
>> when stopped saying
>> systemd[1]: [/usr/lib/systemd/system/<my_pkg>@.service:12] Runtime directory is not valid, ignoring assignment: <my_pkg>/%i
>
> This works here; use of multilevel paths is even documented; granted,
> ability to use specifiers is not that obvious from manual page.
Which version do you use, and what does your unit file look like?
>
>>
>> As "mkdir -p" exists for at least 25 years, I wonder what this is all about.
>>
>
> I tentatively suspect that being less aggressive may actually help ...
If a program tells me where I have to store my files, that creates frustration,
and that must go out...
>
>> Despite of that I'm missing a "systemctl validate ..." command. That way I
>> wouldn't need to execute start, status, stop, just to find out that some
>> settings are rejected.
>>
>> Regards,
>> Ulrich
>>
>>
>>
>> _______________________________________________
>> systemd-devel mailing list
>> systemd-devel at lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>
>
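
The template-unit setup discussed in this thread, written out as an added example (not taken from either poster's unit file). The package name `mypkg`, the daemon path `/usr/sbin/mypkgd` and its `--instance`/`--pidfile` options are placeholders; in the thread, Andrei reports the multi-level `RuntimeDirectory=` value as accepted, while Ulrich's systemd logs it as invalid.

```ini
# mypkg@.service (constructed example; all names are placeholders)
[Unit]
Description=mypkg instance %i

[Service]
Type=forking

# RuntimeDirectory= is interpreted relative to the runtime directory root
# (/run for system units), so instance "a" gets /run/mypkg/a.
# systemd creates the directory at start and removes it at stop.
# An absolute value such as /var/run/mypkg/%i is the form the thread
# says is not allowed.
RuntimeDirectory=mypkg/%i
RuntimeDirectoryMode=0750

# %t expands to the runtime directory root, %i to the instance name.
PIDFile=%t/mypkg/%i/daemon.pid

# Hypothetical daemon options; the daemon writes its PID file inside the
# per-instance directory that systemd created for it.
ExecStart=/usr/sbin/mypkgd --instance %i --pidfile %t/mypkg/%i/daemon.pid

[Install]
WantedBy=multi-user.target
```

`systemd-analyze verify` loads a unit file and reports parse problems without starting the service, which is one way to check a setting before a start/status/stop cycle.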