[systemd-devel] Antw: Re: Antw: Re: Arbitrary restrictions (e.g. for RuntimeDirectory)
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Tue May 14 06:39:25 UTC 2019
>>> František Šumšal <frantisek at sumsal.cz> schrieb am 13.05.2019 um 17:13 in
Nachricht <064ac942-a4d7-b547-0705-22f3262f5f29 at sumsal.cz>:
> On 5/13/19 8:20 AM, Ulrich Windl wrote:
>
>>> "systemd‑analyze verify" exists. Since a long long time.
>>
>> Not really: You can't verify a unit file while it's not "installed". Comare
> it
>> to validating an XML file, for example.
>>
>
> That's actually not true. The argument for `systemd-analyze verify` is a
> file name,
> so you verify an arbitrary file for correctness:
So it seems it improved since v228. I filed an enhancement request for
OpenSUSE to upgrade systemd yesterday, BTW...
>
> $ cat > test.service << EOF
>> [Unit]
>> Description=test unit
>>
>> [Service]
>> ExecStrt=/bin/true
>> EOF
> $ systemd-analyze verify test.service
> File /usr/lib/systemd/system/systemd-udevd.service:26 configures an IP
> firewall (IPAddressDeny=any), but the local system does not support
> BPF/cgroup based firewalling.
> Proceeding WITHOUT firewalling in effect! (This warning is only shown for
> the first loaded unit using IP firewalling.)
> /tmp/./test.service:4: Unknown lvalue 'ExecStrt' in section 'Service'
> test.service: Service lacks both ExecStart= and ExecStop= setting.
Refusing.
> Unit test.service has a bad unit file setting.
> $ systemctl status test.service
> Unit test.service could not be found.
>
>
> --
> GPG key ID: 0xFB738CE27B634E4B
More information about the systemd-devel
mailing list