[systemd-devel] disable "InaccessiblePaths" with a dropin
Lennart Poettering
lennart at poettering.net
Thu Jan 9 09:14:18 UTC 2020
On Do, 09.01.20 06:20, Reindl Harald (h.reindl at thelounge.net) wrote:
> Hi
>
> deployed http.service contains:
>
> * InaccessiblePaths=-/usr/bin/bash
> * InaccessiblePaths=-/usr/bin/dash
> * InaccessiblePaths=-/usr/bin/sh
>
> now there is one instance where passthru() in a php script is desired
>
> /etc/systemd/system/http.service/allow-paths.conf:
> ReadOnlyPaths=-/usr/bin/bash
> ReadOnlyPaths=-/usr/bin/dash
> ReadOnlyPaths=-/usr/bin/sh
>
> that don't work - is there a way to disable specific "InaccessiblePaths"
> from the main unit with a dropin other then clone the whole httpd.service?
If you have InaccessiblePaths=, ReadOnlyPaths=, ReadWritePaths= for
the same path then InaccessiblePaths= wins, as it is the "strongest"
option. And ReadOnlyPaths= wins over ReadWritePaths= as it is stronger
than that.
There's no mechanism for removing individual entries from these paths
lists. You can only reset the whole list by assigning the empty
string, but then you need to start anew with putting together your
list.
Lennart
--
Lennart Poettering, Berlin
More information about the systemd-devel
mailing list