[systemd-devel] disable "InaccessiblePaths" with a dropin

Lennart Poettering lennart at poettering.net
Thu Jan 9 09:14:18 UTC 2020


On Do, 09.01.20 06:20, Reindl Harald (h.reindl at thelounge.net) wrote:

> Hi
>
> deployed http.service contains:
>
>  * InaccessiblePaths=-/usr/bin/bash
>  * InaccessiblePaths=-/usr/bin/dash
>  * InaccessiblePaths=-/usr/bin/sh
>
> now there is one instance where passthru() in a php script is desired
>
> /etc/systemd/system/http.service/allow-paths.conf:
> ReadOnlyPaths=-/usr/bin/bash
> ReadOnlyPaths=-/usr/bin/dash
> ReadOnlyPaths=-/usr/bin/sh
>
> that doesn't work - is there a way to disable specific "InaccessiblePaths"
> from the main unit with a dropin other than cloning the whole httpd.service?

If you have InaccessiblePaths=, ReadOnlyPaths=, ReadWritePaths= for
the same path then InaccessiblePaths= wins, as it is the "strongest"
option. And ReadOnlyPaths= wins over ReadWritePaths= as it is stronger
than that.

There's no mechanism for removing individual entries from these path
lists. You can only reset the whole list by assigning the empty
string, but then you need to start anew with putting together your
list.

Lennart

--
Lennart Poettering, Berlin
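
The reset-and-rebuild approach described in the reply above, as an added example that is not part of the original thread: a drop-in that clears the inherited InaccessiblePaths= list with an empty assignment and then puts the list together again. The file name allow-shell.conf and the choice of which shell stays blocked are assumptions made for illustration; drop-ins are read from the unit's ".d" directory.

```ini
# /etc/systemd/system/http.service.d/allow-shell.conf
# (hypothetical file name)
[Service]
# An empty assignment resets the whole list, dropping every
# InaccessiblePaths= entry inherited from the main unit.
InaccessiblePaths=
# Start anew: re-add the entries that must stay blocked.
# Assumption: only dash remains inaccessible, while sh and bash are
# released so that passthru() can spawn a shell.
InaccessiblePaths=-/usr/bin/dash
# The released shells are read-only instead of unrestricted. This only
# takes effect because they are no longer in InaccessiblePaths=, which
# would otherwise win for the same path.
ReadOnlyPaths=-/usr/bin/bash
ReadOnlyPaths=-/usr/bin/sh

# Apply and check the effective lists:
#   systemctl daemon-reload && systemctl restart http.service
#   systemctl show -p InaccessiblePaths -p ReadOnlyPaths http.service
```

Any entry the main unit adds to InaccessiblePaths= later is also dropped by the reset, so the drop-in has to be reviewed whenever the main unit changes.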

