[systemd-devel] jailrooting services with RootDirectory - how ?
Michael Chapman
mike at very.puzzling.org
Wed Sep 28 09:26:58 UTC 2022
On Wed, 28 Sep 2022, Branko wrote:
> On Wed, 28 Sep 2022 19:07:14 +1000 (AEST)
> Michael Chapman <mike at very.puzzling.org> wrote:
>
> 1. ExecSTart is relative to RootDirectory (at least for me).
>
> 2. I've just simpliefied my service file to equal yours - simle static
> executable in RootDirectory inside /tmp. It works.
> But I can't bind-mount nothing inside tmpfs, so it's kind of
> pointless...
> Try it with chroot somewhere on your disk, e.d. /chroots map or
> something and make the service bind-mount executable there.
> Like BindPaths=/abssolute/path/to/my_debug-exec:absolute path_into
> chroot
>
> and see if it works.
No.
I've given you a small, self-contained, working example.
It's now your turn to give us a small, self-contained, non-working
example, and to tell us what error messages and log messages you got for
it.
More information about the systemd-devel
mailing list