[systemd-devel] Antw: Re: Arbitrary restrictions (e.g. for RuntimeDirectory)

František Šumšal frantisek at sumsal.cz
Mon May 13 15:13:10 UTC 2019


On 5/13/19 8:20 AM, Ulrich Windl wrote:

>> "systemd-analyze verify" exists. Since a long long time.
> 
> Not really: You can't verify a unit file while it's not "installed". Compare it
> to validating an XML file, for example.
> 

That's actually not true. The argument for `systemd-analyze verify` is a file name,
so you verify an arbitrary file for correctness:

$ cat > test.service << EOF
> [Unit]
> Description=test unit
> 
> [Service]
> ExecStrt=/bin/true
> EOF
$ systemd-analyze verify test.service 
File /usr/lib/systemd/system/systemd-udevd.service:26 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
/tmp/./test.service:4: Unknown lvalue 'ExecStrt' in section 'Service'
test.service: Service lacks both ExecStart= and ExecStop= setting. Refusing.
Unit test.service has a bad unit file setting.
$ systemctl status test.service
Unit test.service could not be found.


-- 
GPG key ID: 0xFB738CE27B634E4B
