mirror of
https://github.com/systemd/systemd.git
synced 2025-01-21 22:04:01 +03:00
6818c54ca6
ReadOnlyPaths=, ProtectHome=, InaccessiblePaths= and ProtectSystem= are
about restricting access and little more, hence they should be disabled
if PermissionsStartOnly= is used or ExecStart= lines are prefixed with a
"+". Do that.
(Note that we will still create namespaces and stuff, since that's about
a lot more than just permissions. We'll simply disable the effect of
the four options mentioned above, but nothing else mount related.)
This also adds a test for this, to ensure this works as intended.
No documentation updates, as the documentation are already vague enough
to support the new behaviour ("If true, the permission-related execution
options…"). We could clarify this further, but I think we might want to
extend the switches' behaviour a bit more in future, hence leave it at
this for now.
Fixes: #5308
The extended testsuite only works with uid=0. It contains of several subdirectories named "test/TEST-??-*", which are run one by one. To run the extended testsuite do the following: $ make all $ cd test $ sudo make clean check ... make[1]: Entering directory `/mnt/data/harald/git/systemd/test/TEST-01-BASIC' Making all in . Making all in po TEST: Basic systemd setup [OK] make[1]: Leaving directory `/mnt/data/harald/git/systemd/test/TEST-01-BASIC' ... If one of the tests fails, then $subdir/test.log contains the log file of the test. To debug a special testcase of the testsuite do: $ make all $ cd test/TEST-01-BASIC $ sudo make clean setup run QEMU ==== If you want to log in the testsuite virtual machine, you can specify additional kernel command line parameter with $KERNEL_APPEND. $ sudo make KERNEL_APPEND="systemd.unit=multi-user.target" clean setup run you can even skip the "clean" and "setup" if you want to run the machine again. $ sudo make KERNEL_APPEND="systemd.unit=multi-user.target" run You can specify a different kernel and initramfs with $KERNEL_BIN and $INITRD. (Fedora's or Debian's default kernel path and initramfs are used by default) $ sudo make KERNEL_BIN=/boot/vmlinuz-foo INITRD=/boot/initramfs-bar clean check A script will try to find your QEMU binary. If you want to specify a different one you can use $QEMU_BIN. $ sudo make QEMU_BIN=/path/to/qemu/qemu-kvm clean check