[systemd-devel] Antw: Re: Antw: Re: Arbitrary restrictions (e.g. for RuntimeDirectory)

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Tue May 14 06:39:25 UTC 2019

>>> František Šumšal <frantisek at sumsal.cz> schrieb am 13.05.2019 um 17:13 in
Nachricht <064ac942-a4d7-b547-0705-22f3262f5f29 at sumsal.cz>:
> On 5/13/19 8:20 AM, Ulrich Windl wrote:
>>> "systemd‑analyze verify" exists. Since a long long time.
>> Not really: You can't verify a unit file while it's not "installed". Comare

> it
>> to validating an XML file, for example.
> That's actually not true. The argument for `systemd-analyze verify` is a 
> file name,
> so you verify an arbitrary file for correctness:

So it seems it improved since v228. I filed an enhancement request for
OpenSUSE to upgrade systemd yesterday, BTW...

> $ cat > test.service << EOF
>> [Unit]
>> Description=test unit
>> [Service]
>> ExecStrt=/bin/true
>> EOF
> $ systemd-analyze verify test.service 
> File /usr/lib/systemd/system/systemd-udevd.service:26 configures an IP 
> firewall (IPAddressDeny=any), but the local system does not support 
> BPF/cgroup based firewalling.
> Proceeding WITHOUT firewalling in effect! (This warning is only shown for 
> the first loaded unit using IP firewalling.)
> /tmp/./test.service:4: Unknown lvalue 'ExecStrt' in section 'Service'
> test.service: Service lacks both ExecStart= and ExecStop= setting.
> Unit test.service has a bad unit file setting.
> $ systemctl status test.service
> Unit test.service could not be found.
> -- 
> GPG key ID: 0xFB738CE27B634E4B

More information about the systemd-devel mailing list