Your message dated Thu, 12 Jan 2017 16:20:13 +0000
with message-id <e1cri6n-0004sg...@fasolo.debian.org>
and subject line Bug#781730: fixed in systemd 232-9
has caused the Debian Bug report #781730,
regarding systemd: Instance variable %i not available for ReadWriteDirectories
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
781730: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781730
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: systemd
Version: 215-12
Severity: normal
Tags: upstream

Hi,

this also affects experimental (219-5)

We're trying to run multiple DHCP processes on one system. They have
their data in an instance-specific configuration directory and we'd like
to limit (r/w for now) filesystem access to that directory for security
reasons.

==> dhcpd@.service <==
[Unit]
Description=DHCP Instance %i
After=syslog.target
After=network.target

[Service]
ExecStart=/usr/sbin/dhcpd -cf /var/lib/dhcp/%i/etc/dhcpd.conf -lf /var/lib/dhcp/%i/db/dhcpd.leases -pf /var/lib/dhcp/%i/dhcpd.pid -f
Type=simple
Restart=on-failure
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ReadOnlyDirectories=/
ReadWriteDirectories=/var/lib/dhcp/%i

This does not work

Apr 02 11:02:38 dns-w-neu systemd[1]: Started DHCP Instance b1peer2.
Apr 02 11:02:38 dns-w-neu systemd[1]: Starting DHCP Instance b1peer2...
Apr 02 11:02:38 dns-w-neu systemd[7760]: Failed at step NAMESPACE spawning /usr/sbin/dhcpd: No such file or directory
Apr 02 11:02:38 dns-w-neu systemd[1]: dhcpd@b1peer2.service: main process exited, code=exited, status=226/NAMESPACE
Apr 02 11:02:38 dns-w-neu systemd[1]: Unit dhcpd@b1peer2.service entered failed state.
Apr 02 11:02:38 dns-w-neu systemd[1]: dhcpd@b1peer2.service failed.
Apr 02 11:02:38 dns-w-neu systemd[1]: dhcpd@b1peer2.service holdoff time over, scheduling restart.

The directory exists

root@dns-w-neu:/var/lib/dhcp# ls -lad b1peer2
drwxr-xr-x 4 root root 4096 Apr  1 16:40 b1peer2

It works fine with either

ReadWriteDirectories=/var/lib/dhcp

or

ReadWriteDirectories=/var/lib/dhcp/b1peer2

(which obviously won't work with other instances, but that's not the
point here).

So it seems that %i is not evaluated in ReadWriteDirectories (at least).

Bernhard

--- End Message ---
--- Begin Message ---
Source: systemd
Source-Version: 232-9

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 781...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <bi...@debian.org> (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 12 Jan 2017 16:59:22 +0100
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 232-9
Distribution: unstable
Urgency: medium
Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <bi...@debian.org>
Description:
 libnss-myhostname - nss module providing fallback resolution for the current hostname
 libnss-mymachines - nss module to resolve hostnames for local container instances
 libnss-resolve - nss module to resolve names via systemd-resolved
 libnss-systemd - nss module providing dynamic user and group name resolution
 libpam-systemd - system and service manager - PAM module
 libsystemd-dev - systemd utility library - development files
 libsystemd0 - systemd utility library
 libudev-dev - libudev development files
 libudev1   - libudev shared library
 libudev1-udeb - libudev shared library (udeb)
 systemd    - system and service manager
 systemd-container - systemd container/nspawn tools
 systemd-coredump - tools for storing and retrieving coredumps
 systemd-journal-remote - tools for sending and receiving remote journal logs
 systemd-sysv - system and service manager - SysV links
 udev       - /dev/ and hotplug management daemon
 udev-udeb  - /dev/ and hotplug management daemon (udeb)
Closes: 781730 802018
Changes:
 systemd (232-9) unstable; urgency=medium
 .
   * Use --disable-wheel-group configure switch.
     Instead of mangling the tmpfiles via sed to remove the wheel group, use
     the configure switch which was added upstream in v230.
     See https://github.com/systemd/systemd/issues/2492
   * Update debian/copyright.
     Bob Jenkins released the lookup3.[ch] files as public domain which means
     there is no copyright holder.
   * Drop fallback for older reportbug versions when attaching files
   * debian/extra/init-functions.d/40-systemd: Stop checking for init env var.
     This env variable is no longer set when systemd executes a service so
     it's pointless to check for it.
   * debian/extra/init-functions.d/40-systemd: Stop setting _SYSTEMCTL_SKIP_REDIRECT=true.
     It seems we don't actually need it to detect recursive loops (PPID is
     sufficient) and by exporting it we leak _SYSTEMCTL_SKIP_REDIRECT into
     the runtime environment of the service. (Closes: #802018)
   * debian/extra/init-functions.d/40-systemd: Rename _SYSTEMCTL_SKIP_REDIRECT.
     Rename _SYSTEMCTL_SKIP_REDIRECT to SYSTEMCTL_SKIP_REDIRECT to be more
     consistent with other environment variables which are used internally by
     systemd, like SYSTEMCTL_SKIP_SYSV.
   * Various specifier resolution fixes.
     Turn on specifier expansion for more unit file settings.
     See https://github.com/systemd/systemd/pull/4835 (Closes: #781730)

--- End Message ---
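For hosts still on a systemd from before the 232-9 fix, the unexpanded %i in the report can be worked around with a per-instance drop-in that carries the literal path. The following is an added example, not code from the bug report or from systemd: it finds sandbox path settings that contain a specifier and emits such a drop-in. All function names and the sample unit text are assumptions; only %i and %% are expanded, and %i is treated as the plain instance string.

```python
import re

# Settings from the report plus InaccessibleDirectories= (assumed affected too).
SANDBOX_KEYS = ("ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories")
SPECIFIER = re.compile(r"%(.)")

# Constructed sample: the [Service] section from the report, trimmed.
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/sbin/dhcpd -cf /var/lib/dhcp/%i/etc/dhcpd.conf -f
ReadOnlyDirectories=/
ReadWriteDirectories=/var/lib/dhcp/%i
"""

def sandbox_settings(unit_text):
    """Map each sandbox key to the values assigned to it, in file order."""
    found = {}
    for line in unit_text.splitlines():
        key, sep, value = line.strip().partition("=")
        key, value = key.strip(), value.strip()
        if sep and key in SANDBOX_KEYS:
            # An empty assignment resets the list, as in systemd itself.
            found[key] = found.get(key, []) + [value] if value else []
    return found

def has_specifier(value):
    """True if the value contains any specifier other than the literal %%."""
    return any(m.group(1) != "%" for m in SPECIFIER.finditer(value))

def expand_instance(value, instance):
    """Expand %i and %%; refuse any other specifier rather than guess."""
    def sub(m):
        if m.group(1) == "%":
            return "%"
        if m.group(1) == "i":
            return instance
        raise ValueError("unsupported specifier %" + m.group(1))
    return SPECIFIER.sub(sub, value)

def make_dropin(unit_text, instance):
    """Return drop-in text that resets and re-adds the affected lists."""
    if not re.fullmatch(r"[A-Za-z0-9:_.\\-]+", instance) or instance in (".", ".."):
        raise ValueError("instance name not usable as a path component")
    out = []
    for key, values in sandbox_settings(unit_text).items():
        if any(has_specifier(v) for v in values):
            out.append(key + "=")  # clear the entry that holds the raw %i
            out += [f"{key}={expand_instance(v, instance)}" for v in values]
    return "[Service]\n" + "\n".join(out) + "\n" if out else ""
```

The reset line matters: without it the template's literal /var/lib/dhcp/%i entry stays in the list and the NAMESPACE step keeps failing on the nonexistent path.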
_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
