Re: [systemd-devel] systemd-216 breaks combined ReadOnlyDirectories / ReadWriteDirectories

2015-02-25 Thread Reindl Harald



On 28.01.2015 at 02:48, Lennart Poettering wrote:

> On Tue, 20.01.15 13:48, Reindl Harald (h.rei...@thelounge.net) wrote:
>
> > after upgrade to Fedora 21 with new systemd namespaces like below no longer
> > works which breaks *all my systemd-units*
> >
> > why?
> >
> > ReadOnlyDirectories=/var/lib
> > ReadWriteDirectories=/var/lib/mysql
>
> I cannot reproduce this issue with systemd upstream. This appears to
> work fine. Any chance you can try to reproduce this with current
> upstream?
>
> Do you have any other namespace-related settings in the unit file that
> triggers this? Like ProtectSystem= or so? Can you paste the entire
> unit file?


here is a sample unit and some tests
https://bugzilla.redhat.com/show_bug.cgi?id=1184016#c29

systemd-213-4.fc21 was the last build without that issue
see sample below, /var/lib/test/subfolder is owned by the user

in general I try to use as many features as possible to restrict
services to their absolute minimum need

_

[root@rawhide ~]# cat /etc/systemd/system/test.service
[Unit]
Description=Test-Service

[Service]
Type=oneshot
User=nobody
Group=nobody
#PermissionsStartOnly=true
#ExecStartPre=/usr/bin/touch /var/lib/test/subfolder/test.txt
ExecStart=/usr/bin/touch /var/lib/test/subfolder/test.txt

ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib/test
ReadWriteDirectories=/var/lib/test/subfolder
_

[root@rawhide ~]# stat /var/lib/test/
  File: '/var/lib/test/'
  Size: 4096      Blocks: 8          IO Block: 4096   directory
Device: 811h/2065d  Inode: 130889  Links: 3
Access: (0755/drwxr-xr-x)  Uid: (0/root)   Gid: (0/root)
Access: 2015-02-23 16:41:32.523299826 +0100
Modify: 2015-02-23 16:41:38.617223191 +0100
Change: 2015-02-24 16:17:18.969601190 +0100
 Birth: -

[root@rawhide ~]# stat /var/lib/test/subfolder
  File: '/var/lib/test/subfolder'
  Size: 4096      Blocks: 8          IO Block: 4096   directory
Device: 811h/2065d  Inode: 130912  Links: 2
Access: (0755/drwxr-xr-x)  Uid: (   99/  nobody)   Gid: (   99/  nobody)
Access: 2015-02-24 16:17:19.021782540 +0100
Modify: 2015-02-24 15:01:51.760650707 +0100
Change: 2015-02-24 16:17:19.021782540 +0100
 Birth: -




___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
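
An added example, not part of the original thread or of systemd: a shell helper that reads a mount table in /proc/<pid>/mountinfo format and reports whether a path ends up read-only or read-write, checked against the paths declared in test.service above. The function names are hypothetical and the mount table lines are constructed.

```shell
#!/bin/sh
# Added example: function names and the sample mount table are constructed.

# effective_access MOUNTINFO PATH
# Print "ro" or "rw" for PATH using a mount table in /proc/<pid>/mountinfo format.
effective_access() {
    awk -v target="$2" '
    {
        mp = $5                        # field 5: mount point
        opts = "," $6 ","              # field 6: per-mount options
        # Append the superblock options, found three fields after the "-" separator.
        for (i = 7; i <= NF; i++) if ($i == "-") { opts = opts $(i + 3) ","; break }
        # A mount covers target if it is the same path or a parent directory of it.
        covers = (mp == "/" || target == mp || index(target, mp "/") == 1)
        # Longest mount point wins; on a tie the line listed later is on top.
        if (covers && length(mp) >= best) {
            best = length(mp)
            result = (index(opts, ",ro,") ? "ro" : "rw")
        }
    }
    END { if (result == "") exit 1; print result }
    ' "$1"
}

# sample_mountinfo FLAG: constructed table for the namespace test.service asks for.
# FLAG is the option on the subfolder bind mount: "rw" as intended, "ro" for
# the "Read-only file system" symptom. IDs and the device are made up.
sample_mountinfo() {
    cat <<EOF
60 40 8:17 / / rw,relatime - ext4 /dev/sdb1 rw,data=ordered
61 60 8:17 /etc /etc ro,relatime - ext4 /dev/sdb1 rw,data=ordered
62 60 8:17 /usr /usr ro,relatime - ext4 /dev/sdb1 rw,data=ordered
63 60 8:17 /var/lib/test /var/lib/test ro,relatime - ext4 /dev/sdb1 rw,data=ordered
64 63 8:17 /var/lib/test/subfolder /var/lib/test/subfolder $1,relatime - ext4 /dev/sdb1 rw,data=ordered
EOF
}

# check_unit_paths MOUNTINFO: compare each path with the access the unit declares.
check_unit_paths() {
    rc=0
    for want in ro:/etc ro:/usr ro:/var/lib/test rw:/var/lib/test/subfolder/test.txt; do
        got=$(effective_access "$1" "${want#*:}")
        [ "$got" = "${want%%:*}" ] ||
            { echo "MISMATCH ${want#*:}: want ${want%%:*}, got $got"; rc=1; }
    done
    return $rc
}
```

For a running service, pass /proc/<MainPID>/mountinfo as the first argument. A Type=oneshot unit like the sample has already exited, so capture /proc/self/mountinfo from inside the unit instead.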


Re: [systemd-devel] systemd-216 breaks combined ReadOnlyDirectories / ReadWriteDirectories

2015-01-27 Thread Lennart Poettering
On Tue, 20.01.15 13:48, Reindl Harald (h.rei...@thelounge.net) wrote:

> after upgrade to Fedora 21 with new systemd namespaces like below no longer
> works which breaks *all my systemd-units*
> 
> why?
> 
> ReadOnlyDirectories=/var/lib
> ReadWriteDirectories=/var/lib/mysql

I cannot reproduce this issue with systemd upstream. This appears to
work fine. Any chance you can try to reproduce this with current
upstream?

Do you have any other namespace-related settings in the unit file that
triggers this? Like ProtectSystem= or so? Can you paste the entire
unit file?

Lennart

-- 
Lennart Poettering, Red Hat


[systemd-devel] systemd-216 breaks combined ReadOnlyDirectories / ReadWriteDirectories

2015-01-20 Thread Reindl Harald
after upgrade to Fedora 21 with new systemd namespaces like below no 
longer works which breaks *all my systemd-units*


why?

ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/var/lib/mysql

150120 13:44:01 [ERROR] Can't start server : Bind on unix socket: Read-only file system
150120 13:44:01 [ERROR] Do you already have another mysqld server running on socket: /var/lib/mysql/mysqld_dbmail.sock ?







