On Tue, Feb 27, 2018 at 2:37 PM, Antoine Pietri <antoine.piet...@gmail.com> wrote: > - My current workaround is to shell-out to `systemd-run -p > DynamicUser=yes ...` first to do a mkdir -p, then for a cp -R. This > solution requires a lot of boilerplate from the Python wrapper and > takes more time for no good reason, so I think it's not ideal. > > - I believe another solution would be to modify /var/cache/private > directly, but I'm not sure it's a good practice to do so because I > don't know if this path is reliable or just an implementation detail. > Plus, it requires a weird special case compared to when I don't run > makepkg with systemd-run, as I have to insert something in the middle > of the copy destination path. > > - Maybe there's something else I'm missing that would allow me to do > this more cleanly?
We came up with a third option, which looks a bit weird at first but should work: 1) systemd-run -P \ -p DynamicUser=yes \ -p CacheDirectory=mywrapper \ sh -c read 2) do the file operations in the Python code 3) send a "\n" or just kill() the systemd-run process when the setup is done. I am still not satisfied with any of the three options, so I would love to know what you think would be best. :-) -- Antoine Pietri On Tue, Feb 27, 2018 at 2:37 PM, Antoine Pietri <antoine.piet...@gmail.com> wrote: > Hi! > > To experiment with systemd dynamic users, I started working on a > wrapper around a program that builds user packages (Archlinux makepkg) > and that refuses to be launched as root (for very good reasons). The > idea is that the wrapper just calls: > > systemd-run --pipe \ > -p DynamicUser=yes \ > -p CacheDirectory=mywrapper \ > -p WorkingDirectory=/var/cache/mywrapper/build/repo \ > makepkg > > However, to be able to run makepkg, its cache directory has to be > pre-populated with a clone of the package to build. So, from my > wrapper, I just did: > > os.makedirs(os.path.dirname(build_dir), exist_ok=True) > shutil.copytree(repo_path, build_dir) > > to copy the content of the repo to the build directory. But it fails with: > > run-u63.service: Failed to set up special execution directory in > /var/cache: File exists > > This makes sense, because of the symbolic link shenanigans to > /var/cache/private that systemd uses to keep the filesystem readonly. > So, now I'm wondering what would be the best practice to prepopulate > this directory: > > - My current workaround is to shell-out to `systemd-run -p > DynamicUser=yes ...` first to do a mkdir -p, then for a cp -R. This > solution requires a lot of boilerplate from the Python wrapper and > takes more time for no good reason, so I think it's not ideal. > > - I believe another solution would be to modify /var/cache/private > directly, but I'm not sure it's a good practice to do so because I > don't know if this path is reliable or just an implementation detail. > Plus, it requires a weird special case compared to when I don't run > makepkg with systemd-run, as I have to insert something in the middle > of the copy destination path. > > - Maybe there's something else I'm missing that would allow me to do > this more cleanly? > > Thanks, > > -- > Antoine Pietri -- Antoine Pietri _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
