[systemd-devel] jailrooting services with RootDirectory - how ?

Michael Chapman mike at very.puzzling.org
Wed Sep 28 09:26:58 UTC 2022


On Wed, 28 Sep 2022, Branko wrote:
> On Wed, 28 Sep 2022 19:07:14 +1000 (AEST)
> Michael Chapman <mike at very.puzzling.org> wrote:
> 
> 1. ExecStart is relative to RootDirectory (at least for me).
> 
> 2. I've just simplified my service file to equal yours - simple static
> executable in RootDirectory inside /tmp. It works.
> But I can't bind-mount anything inside tmpfs, so it's kind of
> pointless...
> Try it with chroot somewhere on your disk, e.g. /chroots map or
> something and make the service bind-mount executable there.
> Like BindPaths=/absolute/path/to/my_debug-exec:absolute path_into
> chroot
> 
> and see if it works.

No.

I've given you a small, self-contained, working example.

It's now your turn to give us a small, self-contained, non-working 
example, and to tell us what error messages and log messages you got for 
it.

