[systemd-devel] jailrooting services with RootDirectory - how ?

Michael Chapman mike at very.puzzling.org
Wed Sep 28 08:11:14 UTC 2022


> Is there a simple demo example that uses it that I could try?

This worked for me:

    $ cd /tmp/root
    $ cat hello.c
    #include <stdio.h>

    int main(void) {
        puts("Hello, world!");
    }
    $ clang -static -o hello hello.c
    $ cat /etc/systemd/system/hello.service 
    [Service]
    Type=oneshot
    ExecStart=/hello
    RootDirectory=/tmp/root
    $ systemctl daemon-reload
    $ systemctl start hello.service
    $ systemctl status hello.service
    ○ hello.service
         Loaded: loaded (/etc/systemd/system/hello.service; static)
         Active: inactive (dead)

    Sep 28 18:07:35 hostname systemd[1]: Finished hello.service.
    Sep 28 18:08:54 hostname systemd[1]: Starting hello.service...
    Sep 28 18:08:54 hostname hello[510676]: Hello, world!
    Sep 28 18:08:54 hostname systemd[1]: hello.service: Deactivated successfully.
    Sep 28 18:08:54 hostname systemd[1]: Finished hello.service.
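
The `hello` binary in the session above is linked with `-static`, so it needs no loader or shared libraries inside the root; a dynamically linked executable would also need the loader named in its `PT_INTERP` header, plus its libraries, under `RootDirectory=`. As an added example (not part of the original post), this C program reads that header to tell which case applies; it assumes a Linux host and little-endian ELF64, and `elf_interp` and `le` are names chosen here.

```c
/* Added example, not from the original post. Handles little-endian ELF64. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint64_t le(const unsigned char *p, int n)    /* n-byte little-endian field */
{
    uint64_t v = 0;
    while (n--) v |= (uint64_t)p[n] << (8 * n);
    return v;
}

/* PT_INTERP loader path; "" if none (static binary); NULL if not LE ELF64. */
const char *elf_interp(const unsigned char *img, size_t len)
{
    static char path[256];
    if (len < 64 || memcmp(img, "\177ELF\2\1", 6) != 0)
        return NULL;                        /* want ELFCLASS64 + ELFDATA2LSB */
    uint64_t ph = le(img + 32, 8), entsz = le(img + 54, 2), n = le(img + 56, 2);
    for (uint64_t i = 0; i < n; i++, ph += entsz) {
        if (entsz < 56 || ph > len || len - ph < 56)
            return NULL;                    /* program header outside the image */
        if (le(img + ph, 4) != 3)           /* p_type 3 = PT_INTERP */
            continue;
        uint64_t off = le(img + ph + 8, 8), fsz = le(img + ph + 32, 8);
        if (off > len || fsz > len - off || fsz == 0 || fsz > sizeof path)
            return NULL;
        memcpy(path, img + off, fsz);
        path[fsz - 1] = '\0';
        return path;
    }
    return "";
}

int main(int argc, char **argv)
{
    static unsigned char buf[1 << 16];      /* headers sit at the file start */
    FILE *f = fopen(argc > 1 ? argv[1] : "/proc/self/exe", "rb");
    if (!f) { perror("fopen"); return 2; }
    const char *ld = elf_interp(buf, fread(buf, 1, sizeof buf, f));
    fclose(f);
    if (!ld)
        puts("not parseable as little-endian ELF64");
    else if (*ld)
        printf("dynamic: RootDirectory= must also contain %s\n", ld);
    else
        puts("static: needs no loader inside RootDirectory=");
    return ld ? 0 : 2;
}
```

Pass the path of the binary as the first argument (for the session above, `/tmp/root/hello`); with no argument the program inspects its own executable.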

