[systemd-devel] Antw: Re: Antw: Re: Arbitrary restrictions (e.g. for RuntimeDirectory)

[František Šumšal]

On 5/14/19 8:39 AM, Ulrich Windl wrote:
>>>> František Šumšal <frantisek at sumsal.cz> schrieb am 13.05.2019 um 17:13 in
> Nachricht <064ac942-a4d7-b547-0705-22f3262f5f29 at sumsal.cz>:
>> On 5/13/19 8:20 AM, Ulrich Windl wrote:
>>
>> That's actually not true. The argument for `systemd-analyze verify` is a 
>> file name,
>> so you verify an arbitrary file for correctness:
> 
> So it seems it improved since v228. I filed an enhancement request for
> OpenSUSE to upgrade systemd yesterday, BTW...

It has always worked this way, iirc, i.e. it was meant to be used for
offline unit verification, so it should definitely work with systemd v228.

Reference:
https://github.com/systemd/systemd/commit/8b835fccdad78d89f9cc64f9b02059fb75ffbab1

> 
>>
>> $ cat > test.service << EOF
>>> [Unit]
>>> Description=test unit
>>>
>>> [Service]
>>> ExecStrt=/bin/true
>>> EOF
>> $ systemd-analyze verify test.service 
>> File /usr/lib/systemd/system/systemd-udevd.service:26 configures an IP 
>> firewall (IPAddressDeny=any), but the local system does not support 
>> BPF/cgroup based firewalling.
>> Proceeding WITHOUT firewalling in effect! (This warning is only shown for 
>> the first loaded unit using IP firewalling.)
>> /tmp/./test.service:4: Unknown lvalue 'ExecStrt' in section 'Service'
>> test.service: Service lacks both ExecStart= and ExecStop= setting.
> Refusing.
>> Unit test.service has a bad unit file setting.
>> $ systemctl status test.service
>> Unit test.service could not be found.
>>
>>
>> -- 
>> GPG key ID: 0xFB738CE27B634E4B
> 
> 
> 


-- 
GPG key ID: 0xFB738CE27B634E4B

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20190514/2057917a/attachment.sig>