On 11/04/2014 7:10 AM, Lennart Poettering wrote:
On Thu, 10.04.14 14:00, Jonathan Liu ([email protected]) wrote:
---
units/systemd-random-seed.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/systemd-random-seed.service.in
b/units/systemd-random-seed.service.in
index 1879b2f..cbe000c 100644
--- a/units/systemd-random-seed.service.in
+++ b/units/systemd-random-seed.service.in
@@ -13,6 +13,7 @@ RequiresMountsFor=@RANDOM_SEED@
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service
systemd-remount-fs.service
Before=sysinit.target shutdown.target
+ConditionPathIsReadWrite=@RANDOM_SEED_DIR@
[Service]
Type=oneshot
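Review bot: The added `ConditionPathIsReadWrite=@RANDOM_SEED_DIR@` at the end of the [Unit] section gates the whole unit, so on a read-only seed directory systemd skips the service as an unmet condition instead of marking it failed. The seed is then neither loaded nor saved, and nothing in the unit state shows that the boot went without it. The patch also carries no rationale for preferring a silent skip over a visible failure. Either keep the unit failing and let read-only-root setups opt out explicitly, or state in the commit message which setup needs this and why skipping is acceptable there.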
What's the rationale here? I'd argue that the random seed service
*should* fail if /var is not writable. So what's the logic behind wanting
to conditionalize this?
Lennart
The service was failing when booting off a read-only root filesystem.
It does seem better from a security perspective for the service to fail.
If someone really wants to skip loading/saving the random seed they can
remove it from sysinit.target.wants.
Regards,
Jonathan