[systemd-devel] Antw: Re: Antw: Re: Arbitrary restrictions (e.g. for RuntimeDirectory)
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Tue May 14 14:07:33 UTC 2019
>>> František Šumšal <frantisek at sumsal.cz> wrote on 14.05.2019 at 15:46 in
message <da0a6a47-03f2-e5ee-0029-1cb1bb26ec98 at sumsal.cz>:
> On 5/14/19 8:39 AM, Ulrich Windl wrote:
>>>>> František Šumšal <frantisek at sumsal.cz> wrote on 13.05.2019 at 17:13 in
>> message <064ac942-a4d7-b547-0705-22f3262f5f29 at sumsal.cz>:
>>> On 5/13/19 8:20 AM, Ulrich Windl wrote:
>>>
>>> That's actually not true. The argument for `systemd-analyze verify` is a
>>> file name, so you verify an arbitrary file for correctness:
>>
>> So it seems it improved since v228. I filed an enhancement request for
>> OpenSUSE to upgrade systemd yesterday, BTW...
>
> It has always worked this way, iirc, i.e. it was meant to be used for
> offline unit verification, so it should definitely work with systemd v228.

Hmm, like this?
> systemd-analyze verify /run/systemd/generator.late/iotwatch.target
Failed to open /dev/tty0: Permission denied

Or more like this (in the user directory)?
> systemd-analyze verify systemd/iotwatch.target.in
Failed to open /dev/tty0: Permission denied
Failed to load systemd/iotwatch.target.in: Invalid argument
> systemd --version
systemd 228
+PAM -AUDIT +SELINUX -IMA +APPARMOR -SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT -GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD -IDN
Regards,
Ulrich
>
> Reference:
> https://github.com/systemd/systemd/commit/8b835fccdad78d89f9cc64f9b02059fb75ffbab1
>
>>
>>>
>>> $ cat > test.service << EOF
>>>> [Unit]
>>>> Description=test unit
>>>>
>>>> [Service]
>>>> ExecStrt=/bin/true
>>>> EOF
>>> $ systemd-analyze verify test.service
>>> File /usr/lib/systemd/system/systemd-udevd.service:26 configures an IP
>>> firewall (IPAddressDeny=any), but the local system does not support
>>> BPF/cgroup based firewalling.
>>> Proceeding WITHOUT firewalling in effect! (This warning is only shown for
>>> the first loaded unit using IP firewalling.)
>>> /tmp/./test.service:4: Unknown lvalue 'ExecStrt' in section 'Service'
>>> test.service: Service lacks both ExecStart= and ExecStop= setting. Refusing.
>>> Unit test.service has a bad unit file setting.
>>> $ systemctl status test.service
>>> Unit test.service could not be found.
>>>
>>>
>>> --
>>> GPG key ID: 0xFB738CE27B634E4B
>>
>>
>>
>
>
> --
> GPG key ID: 0xFB738CE27B634E4B