On Sat, Feb 17, 2018, 20:42 Mirosław Zalewski <mini...@poczta.onet.pl> wrote:
> Hi
>
> I have a service that should run under user systemd instance. It needs
> access to directory outside of its usual paths and does not follow
> symlinks, so I figured that `mount --bind` might be a way to go.
>
> However, I can't make BindPaths= directive work in user service file.
> It seems that directive is simply ignored. I can reproduce the issue
> using systemd-run:
>
> $ systemd-run -qt -p BindReadOnlyPaths=/run/user/1000/:/tmp/bindmount/ /bin/ls -a /tmp/bindmount/
> .   bus     dconf  gvfs         klauncherJ21213.1.slave-socket  ksocket-user     pulse      systemd
> ..  dbus-1  gnupg  kdeinit5__0  KSMserver__0                    kwallet5.socket  rsnapshot
>
> $ systemd-run -qt --user -p BindReadOnlyPaths=/run/user/1000/:/tmp/bindmount/ /bin/ls -a /tmp/bindmount/
> .  ..
>
>
> Is this by design? I don't see any mention of this limitation in man
> entries for systemd.mount and for systemd.exec.
>

It's not a systemd limitation. Mounting is a privileged operation in Linux and only available to root (or processes with the correct capabilities). Your systemd instance only has the same privileges you yourself have.

--
Mantas Mikulėnas <graw...@gmail.com>
Sent from my phone
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
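The privilege check the reply describes, as an added example that is not part of the original thread: it decodes the effective capability mask from `/proc/<pid>/status` and reports whether the process could perform a mount. It assumes the relevant capability is CAP_SYS_ADMIN (bit 21 in `linux/capability.h`), which mount(2) requires; the two status samples are constructed.

```python
"""Added example: does a process hold the capability that mount(2) requires?"""
import sys

CAP_SYS_ADMIN = 21  # bit number from linux/capability.h (assumed to be the one meant)

# Constructed samples of /proc/<pid>/status, trimmed to the relevant fields.
ROOT_STATUS = "Name:\tsystemd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
USER_STATUS = "Name:\tsystemd\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"


def effective_caps(status_text):
    """Return the CapEff bitmask found in /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")


def real_uid(status_text):
    """Return the real UID (first field of the Uid: line)."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            return int(line.split()[1])
    raise ValueError("no Uid line found")


def can_mount(status_text):
    """True if the effective set contains CAP_SYS_ADMIN."""
    return bool((effective_caps(status_text) >> CAP_SYS_ADMIN) & 1)


def describe(status_text):
    """One-line summary explaining why BindPaths= can or cannot be applied."""
    verdict = "can" if can_mount(status_text) else "cannot"
    return "uid=%d CapEff=%#018x -> %s set up bind mounts" % (
        real_uid(status_text), effective_caps(status_text), verdict)


if __name__ == "__main__":
    # Pass the PID of a service manager to inspect; defaults to this process.
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open("/proc/%s/status" % pid) as fh:
        print(describe(fh.read()))
```

Run it with the PID of the `systemd --user` manager and then with PID 1 to compare the two instances from the thread.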