1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-05 15:21:37 +03:00
systemd/test/test-execute/exec-read-only-path-succeed.service
Lennart Poettering 6818c54ca6 core: skip ReadOnlyPaths= and other permission-related mounts on PermissionsStartOnly= (#5309)
ReadOnlyPaths=, ProtectHome=, InaccessiblePaths= and ProtectSystem= are
about restricting access and little more, hence they should be disabled
if PermissionsStartOnly= is used or ExecStart= lines are prefixed with a
"+". Do that.

(Note that we will still create namespaces and stuff, since that's about
a lot more than just permissions. We'll simply disable the effect of
the four options mentioned above, but nothing else mount related.)

This also adds a test for this, to ensure this works as intended.

No documentation updates, as the documentation are already vague enough
to support the new behaviour ("If true, the permission-related execution
options…"). We could clarify this further, but I think we might want to
extend the switches' behaviour a bit more in future, hence leave it at
this for now.

Fixes: #5308
2017-02-12 00:44:46 -05:00

9 lines
365 B
Desktop File

[Service]
Type=oneshot
# This should work, as we explicitly disable the effect of ReadOnlyPaths=
ExecStart=+/bin/touch /tmp/thisisasimpletest
# This should also work, as we do not disable the effect of ReadOnlyPaths= but invert the exit code
ExecStart=/bin/sh -x -c '! /bin/touch /tmp/thisisasimpletest'
ExecStart=+/bin/rm /tmp/thisisasimpletest
ReadOnlyPaths=/tmp