Your message dated Thu, 23 Jul 2020 00:27:56 +0200
with message-id <[email protected]>
and subject line Re: Bug#966058: systemd: PrivateTmp=true applied for
ExecStartPre=+/binary
has caused the Debian Bug report #966058,
regarding systemd: PrivateTmp=true applied for ExecStartPre=+/binary
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
966058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966058
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd
Version: 241-7~deb10u4
Severity: normal
Dear Maintainer,
I have a binary that has to be started with PrivateTmp=true, but one of
the pre-tasks is to be executed as root and has to write to the
non-private part of /tmp. This should be possible, if I read the
documentation on prefixes (in systemd.service) right.
My testbed looks like that:
[Service]
Type=oneshot
User=someuser
Group=somegroup
# Test
ExecStartPre=+/bin/touch /tmp/servicetest
ExecStart=/bin/true
PrivateTmp=true
I expected the file /tmp/servicetest to be created after running the
service, as it correctly is (as root:root) when PrivateTmp is default
(false). Alas it's not the case when set to 'true'. Is there anything I
missed out?
-- Package-specific info:
-- System Information:
Debian Release: 10.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-9-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd depends on:
ii adduser 3.118
ii libacl1 2.2.53-4
ii libapparmor1 2.13.2-10
ii libaudit1 1:2.8.4-3
ii libblkid1 2.33.1-0.1
ii libc6 2.28-10
ii libcap2 1:2.25-2
ii libcryptsetup12 2:2.1.0-5+deb10u2
ii libgcrypt20 1.8.4-5
ii libgnutls30 3.6.7-4+deb10u4
ii libgpg-error0 1.35-1
ii libidn11 1.33-2.2
ii libip4tc0 1.8.2-4
ii libkmod2 26-1
ii liblz4-1 1.8.3-1
ii liblzma5 5.2.4-1
ii libmount1 2.33.1-0.1
ii libpam0g 1.3.1-5
ii libseccomp2 2.3.3-4
ii libselinux1 2.8-1+b1
ii libsystemd0 241-7~deb10u4
ii mount 2.33.1-0.1
ii util-linux 2.33.1-0.1
Versions of packages systemd recommends:
ii dbus 1.12.16-1
ii libpam-systemd 241-7~deb10u4
Versions of packages systemd suggests:
ii policykit-1 0.105-25
pn systemd-container <none>
Versions of packages systemd is related to:
pn dracut <none>
ii initramfs-tools 0.133+deb10u1
ii udev 241-7~deb10u4
-- Configuration Files:
/etc/systemd/timesyncd.conf changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 245.6-3
Am 22.07.20 um 13:52 schrieb Drexl Johannes:
> Package: systemd
> Version: 241-7~deb10u4
> Severity: normal
>
> Dear Maintainer,
>
> I have a binary that has to be started with PrivateTmp=true, but one of
> the pre-tasks is to be executed as root and has to write to the
> non-private part of /tmp. This should be possible, if I read the
> documentation on prefixes (in systemd.service) right.
> My testbed looks like that:
>
> [Service]
> Type=oneshot
> User=someuser
> Group=somegroup
> # Test
> ExecStartPre=+/bin/touch /tmp/servicetest
> ExecStart=/bin/true
> PrivateTmp=true
>
> I expected the file /tmp/servicetest to be created after running the
> service, as it correctly is (as root:root) when PrivateTmp is default
> (false). Alas it's not the case when set to 'true'. Is there anything I
> missed out?
I don't think so. Seems to be a genuine bug.
I tested your reproducer on sid, where this works as expected, so
marking as fixed for 245.6-3
Michael
signature.asc
Description: OpenPGP digital signature
--- End Message ---
