[systemd-devel] Securing bind with systemd methods (was: bind-mount of /run/systemd for chrooted bind9/named)

Mantas Mikulėnas grawity at gmail.com
Mon Jul 17 22:10:16 UTC 2023


On Mon, Jul 17, 2023, 15:44 Marc Haber <mh+systemd-devel at zugschlus.de>
wrote:

>
> # /lib is necessary here, or execve will fail without indication for
> # reason - that was a surprise and hard to debug because even strace
> # didn't hint me towards the real issue
> ExecPaths=/usr/sbin/named /usr/sbin/rndc /lib
>

This one in particular is not a systemd issue: All dynamically linked
binaries are executed through /lib/ld-linux*.so as their "interpreter".
(`file` will show the exact path.) I wish that had a dedicated errno,
though.
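
Added example, not part of the original message or of systemd: a Python sketch that reads the PT_INTERP program header (the "interpreter" the reply refers to) from an ELF image and checks whether that path falls under a given ExecPaths= list. The sample ELF bytes, the interpreter name /lib/ld-linux-example.so.2 and the helper names are constructed for illustration; the check is plain prefix matching and does not resolve symlinks.

```python
import struct

PT_INTERP = 3  # program header type that holds the interpreter path

def elf_interpreter(data: bytes):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                  # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little, 2 = big endian
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type != PT_INTERP:
            continue
        # p_offset / p_filesz sit at different offsets in ELF32 and ELF64
        fmt, o_off, o_sz = ("Q", 8, 32) if is64 else ("I", 4, 16)
        (p_offset,) = struct.unpack_from(end + fmt, data, off + o_off)
        (p_filesz,) = struct.unpack_from(end + fmt, data, off + o_sz)
        return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None  # statically linked: no interpreter needed

def covered(path, exec_paths):
    """True if path equals or lies below one of the ExecPaths= entries."""
    return any(path == p or path.startswith(p.rstrip("/") + "/")
               for p in exec_paths)

def sample_elf(interp=b"/lib/ld-linux-example.so.2\0"):
    """Constructed minimal ELF64 image: header, one PT_INTERP entry, path."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0,
                       len(interp), len(interp), 1)
    return ehdr + phdr + interp

if __name__ == "__main__":
    interp = elf_interpreter(sample_elf())
    for paths in (["/usr/sbin/named", "/usr/sbin/rndc"],
                  ["/usr/sbin/named", "/usr/sbin/rndc", "/lib"]):
        print(paths, "->", "ok" if covered(interp, paths) else
              f"execve would fail: {interp} not in ExecPaths")
```

On a real system, pass the bytes of the binary named in ExecStart= instead of sample_elf().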