Bug#781730: systemd: Instance variable %i not available for ReadWriteDirectories
On Sat, 17 Dec 2016 22:13:35 +0100 Michael Biebl wrote:
> Control: tags -1 fixed-upstream
>
> This seems to be fixed in current git master, i.e. the upcoming v233.
> Can't point to the relevant commits though.

The fix was part of
https://github.com/systemd/systemd/pull/4835/, specifically
https://github.com/systemd/systemd/pull/4835/commits/7b07e99320586fa3baf3e6cbb374f06c6ddc47d8

It might be a bit excessive for a cherry-pick as we probably have to
take more or less the complete branch.

Michael

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Bug#781730: systemd: Instance variable %i not available for ReadWriteDirectories
Control: tags -1 fixed-upstream

On Thu, 02 Apr 2015 17:06:52 +0200 Bernhard Schmidt wrote:
> Control: forwarded -1 https://bugs.freedesktop.org/show_bug.cgi?id=89875
>
> Hi,
>
> > This looks like a reasonable request. Could you file a bug upstream and
> > let us know about the bug number?

This seems to be fixed in current git master, i.e. the upcoming v233.
Can't point to the relevant commits though.

Bug#781730: systemd: Instance variable %i not available for ReadWriteDirectories
Control: forwarded -1 https://bugs.freedesktop.org/show_bug.cgi?id=89875

Hi,

> This looks like a reasonable request. Could you file a bug upstream and
> let us know about the bug number?

Done.

Bernhard

Bug#781730: systemd: Instance variable %i not available for ReadWriteDirectories
Hi Bernhard,

On 02.04.2015 at 11:07, Bernhard Schmidt wrote:
> We're trying to run multiple DHCP processes on one system. They have
> their data in an instance-specific configuration directory and we'd like
> to limit (r/w for now) filesystem access to that directory for security
> reasons.
>
> ==> dhcpd@.service <==
> [Unit]
> Description=DHCP Instance %i
> After=syslog.target
> After=network.target
>
> [Service]
> ExecStart=/usr/sbin/dhcpd -cf /var/lib/dhcp/%i/etc/dhcpd.conf -lf /var/lib/dhcp/%i/db/dhcpd.leases -pf /var/lib/dhcp/%i/dhcpd.pid -f
> Type=simple
> Restart=on-failure
> CapabilityBoundingSet=CAP_NET_RAW CAP_NET_BIND_SERVICE
> NoNewPrivileges=true
> ReadOnlyDirectories=/
> ReadWriteDirectories=/var/lib/dhcp/%i
>
> This does not work

This looks like a reasonable request. Could you file a bug upstream and
let us know about the bug number?

Thanks,
Michael

Bug#781730: systemd: Instance variable %i not available for ReadWriteDirectories
Package: systemd
Version: 215-12
Severity: normal
Tags: upstream

Hi,

this also affects experimental (219-5)

We're trying to run multiple DHCP processes on one system. They have
their data in an instance-specific configuration directory and we'd like
to limit (r/w for now) filesystem access to that directory for security
reasons.

==> dhcpd@.service <==
[Unit]
Description=DHCP Instance %i
After=syslog.target
After=network.target

[Service]
ExecStart=/usr/sbin/dhcpd -cf /var/lib/dhcp/%i/etc/dhcpd.conf -lf /var/lib/dhcp/%i/db/dhcpd.leases -pf /var/lib/dhcp/%i/dhcpd.pid -f
Type=simple
Restart=on-failure
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ReadOnlyDirectories=/
ReadWriteDirectories=/var/lib/dhcp/%i

This does not work

Apr 02 11:02:38 dns-w-neu systemd[1]: Started DHCP Instance b1peer2.
Apr 02 11:02:38 dns-w-neu systemd[1]: Starting DHCP Instance b1peer2...
Apr 02 11:02:38 dns-w-neu systemd[7760]: Failed at step NAMESPACE spawning /usr/sbin/dhcpd: No such file or directory
Apr 02 11:02:38 dns-w-neu systemd[1]: dhcpd@b1peer2.service: main process exited, code=exited, status=226/NAMESPACE
Apr 02 11:02:38 dns-w-neu systemd[1]: Unit dhcpd@b1peer2.service entered failed state.
Apr 02 11:02:38 dns-w-neu systemd[1]: dhcpd@b1peer2.service failed.
Apr 02 11:02:38 dns-w-neu systemd[1]: dhcpd@b1peer2.service holdoff time over, scheduling restart.

The directory exists

root@dns-w-neu:/var/lib/dhcp# ls -lad b1peer2
drwxr-xr-x 4 root root 4096 Apr  1 16:40 b1peer2

It works fine with either

ReadWriteDirectories=/var/lib/dhcp

or

ReadWriteDirectories=/var/lib/dhcp/b1peer2

(which obviously won't work with other instances, but that's not the
point here).

So it seems that %i is not evaluated in ReadWriteDirectories (at least).

Bernhard

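
An added example, not part of the original thread: since the report shows that a literal path works where %i does not, one workaround on systemd versions before v233 (the release the thread names as carrying the fix) is a per-instance drop-in with the path written out. The function names, the DROPIN_ROOT variable and the drop-in file name 10-rw-dir.conf are hypothetical; the script assumes an empty ReadWriteDirectories= assignment resets the list inherited from the template.

```shell
#!/bin/sh
# Added example (not from the thread): per-instance drop-ins for systemd < 233.
# Template name dhcpd@.service and /var/lib/dhcp come from the report; the
# function names, DROPIN_ROOT and the drop-in file name are hypothetical.

DATA_ROOT=/var/lib/dhcp
DROPIN_ROOT=${DROPIN_ROOT:-/etc/systemd/system}

# True when the version predates v233. Accepts strings such as "215",
# "215-12" or "219-5"; only the leading number is compared.
needs_dropin() {
    major=${1%%[!0-9]*}
    [ -n "$major" ] && [ "$major" -lt 233 ]
}

# Reject instance names that could escape DATA_ROOT or split the path.
valid_instance() {
    case $1 in
        ''|.|..|*/*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Print the drop-in body: reset the list inherited from the template
# (assumed semantics of an empty assignment), then add the literal path.
render_dropin() {
    printf '[Service]\nReadWriteDirectories=\nReadWriteDirectories=%s/%s\n' \
        "$DATA_ROOT" "$1"
}

# Write DROPIN_ROOT/dhcpd@<instance>.service.d/10-rw-dir.conf per instance.
install_dropins() {
    for inst in "$@"; do
        valid_instance "$inst" || {
            echo "skipping invalid instance: $inst" >&2
            continue
        }
        dir="$DROPIN_ROOT/dhcpd@$inst.service.d"
        mkdir -p "$dir" && render_dropin "$inst" > "$dir/10-rw-dir.conf"
    done
}
```

After writing the drop-ins, run systemctl daemon-reload so systemd picks them up before the instances are restarted.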