mirror of
https://github.com/systemd/systemd.git
synced 2024-11-05 15:21:37 +03:00
6818c54ca6
ReadOnlyPaths=, ProtectHome=, InaccessiblePaths= and ProtectSystem= are about restricting access and little more, hence they should be disabled if PermissionsStartOnly= is used or ExecStart= lines are prefixed with a "+". Do that. (Note that we will still create namespaces and stuff, since that's about a lot more than just permissions. We'll simply disable the effect of the four options mentioned above, but nothing else mount related.) This also adds a test for this, to ensure this works as intended. No documentation updates, as the documentation are already vague enough to support the new behaviour ("If true, the permission-related execution options…"). We could clarify this further, but I think we might want to extend the switches' behaviour a bit more in future, hence leave it at this for now. Fixes: #5308
9 lines
365 B
Desktop File
9 lines
365 B
Desktop File
[Service]
|
|
Type=oneshot
|
|
# This should work, as we explicitly disable the effect of ReadOnlyPaths=
|
|
ExecStart=+/bin/touch /tmp/thisisasimpletest
|
|
# This should also work, as we do not disable the effect of ReadOnlyPaths= but invert the exit code
|
|
ExecStart=/bin/sh -x -c '! /bin/touch /tmp/thisisasimpletest'
|
|
ExecStart=+/bin/rm /tmp/thisisasimpletest
|
|
ReadOnlyPaths=/tmp
|