[systemd-devel] jailrooting services with RootDirectory - how ?

Luca Boccassi bluca at debian.org
Wed Sep 28 22:33:22 UTC 2022


On Wed, 2022-09-28 at 09:59 +0000, Branko wrote:
> On Wed, 28 Sep 2022 19:26:58 +1000 (AEST)
> Michael Chapman <mike at very.puzzling.org> wrote:
> 
> > On Wed, 28 Sep 2022, Branko wrote:
> >  [...]  
> > 
> > No.
> > 
> > I've given you a small, self-contained, working example.
> > 
> > It's now your turn to give us a small, self-contained, non-working 
> > example, and to tell us what error messages and log messages you got
> > for it.
> 
> OK. I h
> Here is my_debug source:
> ************************
> #include <stdio.h>
> 
> int main(void) {
>         printf("************ IT's WORKING ***************\n");
>         return 0;
> }
> *******************************
> It was compiled with "gcc --static -o my_debug my_debug.c"
> executable is placed in /usr/local/bin/my_debug
> 
> 
> Service file:
> ********************************
> [Service]
> Type=exec
> ExecStart=/usr/local/bin/my_debug
> RootDirectory=/CHROOTS/my_debug
> BindPaths=/usr/local/bin/my_debug:/CHROOTS/my_debug/usr/local/bin/my_debug
> # just in case
> BindPaths=/lib:/CHROOTS/my_debug/lib
> BindPaths=/lib64:/CHROOTS/my_debug/lib64
> BindPaths=/usr/lib64:/CHROOTS/my_debug/usr/lib64
> BindPaths=/usr/lib:/CHROOTS/my_debug/usr/lib
> ********************************************

https://www.freedesktop.org/software/systemd/man/systemd.exec.html#BindPaths=

"This option is particularly useful when RootDirectory=/RootImage= is
used. In this case the source path refers to a path on the host file
system, while the destination path refers to a path below the root
directory of the unit."
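
The quoted man page text applied to the unit from the thread, as an added example that is not part of the original message: each bind mount destination is written as the path seen inside RootDirectory=, without the /CHROOTS/my_debug prefix. Using BindReadOnlyPaths= in place of BindPaths= is an assumption made here for least privilege, since the service only executes the file.

```ini
# my_debug.service (added example; paths are the ones from the quoted unit)
[Service]
Type=exec
ExecStart=/usr/local/bin/my_debug
RootDirectory=/CHROOTS/my_debug

# Before (from the quoted unit): the destination repeats the RootDirectory=
# prefix. Because the destination is interpreted below the unit's root, the
# mount target on the host becomes
# /CHROOTS/my_debug/CHROOTS/my_debug/usr/local/bin/my_debug
# and ExecStart= finds nothing at /usr/local/bin/my_debug inside the root.
#BindPaths=/usr/local/bin/my_debug:/CHROOTS/my_debug/usr/local/bin/my_debug

# After: source is a host path, destination is the path inside the root.
BindReadOnlyPaths=/usr/local/bin/my_debug:/usr/local/bin/my_debug

# my_debug is statically linked, so no library directories are needed.
# For a dynamically linked binary they would be bound the same way:
#BindReadOnlyPaths=/lib:/lib
#BindReadOnlyPaths=/lib64:/lib64
#BindReadOnlyPaths=/usr/lib:/usr/lib
#BindReadOnlyPaths=/usr/lib64:/usr/lib64
```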