On 30.01.2013 16:51, Colin Guthrie wrote:
> 'Twas brillig, and Reindl Harald at 30/01/13 15:34 did gyre and gimble:
>> systemd-197-1.fc18.2.x86_64
>>
>> i try to make a generic list with folders which are never
>> supposed to be accessed from httpd - but if you list here
>> a non-existing directory httpd.service fails completely
>> to start - as i can understand this technically, would
>> it not be better to check if a dir exists and if not
>> ignore the line silently?
> 
> Well I guess a problem with that approach would be if the folder doesn't
> exist when the service starts but is then created after.

that is right - but AFAIK we have two choices

* crash the service at start if a listed folder disappeared
* do not protect a folder if it does not exist at startup and is created later

in the second case: well, it is not perfect but i doubt that perfect is
possible in this context and not refusing to start httpd would for me
be more perfect

> An administrator would be forgiven for expecting the service not to be
> able to access this folder when reading the service, but AFAIUI, this
> would actually not be the case.
> 
> I could be wrong of course and even if not it's maybe still acceptable
> behaviour

i would propose here "InaccessibleDirectories=-/data/backups"
the same way as for EnvFiles, this even works in context not failing
to start the service BUT if the folder exists it's not locked

HTTP 403:
InaccessibleDirectories=/Volumes/dune/www-servers

HTTP 200:
InaccessibleDirectories=-/Volumes/dune/www-servers
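
Added example, not part of the original message and not systemd code: one way to keep a generic deny list without the start failure described in this thread is to generate the `InaccessibleDirectories=` lines only for directories that exist when the unit configuration is written. The function name `gen_fragment` and the one-path-per-line list file are assumptions made for this illustration.

```shell
#!/bin/sh
# gen_fragment LIST_FILE
# LIST_FILE holds one absolute directory path per line; blank lines and
# lines starting with '#' are ignored. A [Service] fragment is printed on
# stdout, and every path that was left out is reported on stderr so the
# gap in protection is visible to the administrator.
gen_fragment() {
    list=$1
    printf '[Service]\n'
    while IFS= read -r dir || [ -n "$dir" ]; do
        case $dir in
            ''|'#'*) continue ;;
            *' '*)   # unit file values are space-separated lists
                printf 'skipped (contains space): %s\n' "$dir" >&2
                continue ;;
            /*) ;;
            *)  printf 'skipped (not absolute): %s\n' "$dir" >&2
                continue ;;
        esac
        if [ -d "$dir" ]; then
            printf 'InaccessibleDirectories=%s\n' "$dir"
        else
            # Listing a missing directory is what made httpd.service fail.
            printf 'skipped (missing): %s\n' "$dir" >&2
        fi
    done < "$list"
}

# Demo on constructed input: run the script with --demo.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    mkdir "$tmp/backups"
    printf '%s\n' "$tmp/backups" "$tmp/not-there" > "$tmp/deny.list"
    gen_fragment "$tmp/deny.list"
    rm -rf "$tmp"
fi
```

A directory created after the fragment was generated stays unprotected until the fragment is regenerated and the service restarted, which is the trade-off raised in the quoted reply.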


_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
