Re: matrix-synapse "enhanced" security


On Thu, Nov 18, 2021 at 08:02:23PM +0100, Uwe Sauter via arch-general wrote:
> Dear all,

Hello Uwe.

> beginning with matrix-synapse 1.44.0-1 in early October a Systemd override
> file (see below for reference) was included in the package that aims to
> enhance the security of Synapse. Amongst other things it tells Systemd to
> restrict access to certain directories that are seen as defaults.

Yep. I did this.

> Unfortunately this enhancement broke my setup by neglecting that there are
> various paths inside Synapse's configuration that can be customized, e.g.
> media_store_path and uploads_path.
> The error I see in my logs is:

Sorry for that.

> It is also impossible to insert pictures into the chat. The client just
> tells "unable to send message" but no log entry is created on the server.
>
> Did I miss any notification about this change?

There is no notification about that, and I am sorry for that too.

> Can anyone help me with customizing the Systemd override file so that
> Synapse regains access to media_store_path and uploads_path?

Certainly.
You can edit the synapse.service unit with the systemctl edit command
and write ReadWritePaths=/srv/matrix
in the [Service] section.

You can read about systemd unit editing on the Arch Wiki[1] and consult
the systemd.exec man page[2] for more information about unit restrictions.

> Any help is appreciated.
>
>
> Thank you,
>
>   Uwe

[1]: https://wiki.archlinux.org/title/Systemd#Editing_provided_units
[2]: https://man.archlinux.org/man/systemd.exec.5#SANDBOXING

--
Sincerely, Alexander | Trusted User
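
Added example, not part of the original message or of the Arch package: a shell helper that reads the customised media_store_path and uploads_path from a Synapse config file and prints the matching ReadWritePaths= lines for a synapse.service drop-in. The function names, the line-based YAML parsing and the sample config are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: derive ReadWritePaths= lines for a synapse.service drop-in
# from the custom paths set in a Synapse config file (hypothetical helpers).

# Print the value of a top-level scalar YAML key, without quotes or comments.
# Assumption: "key: value" sits on one line (no anchors, no multi-line scalars).
yaml_scalar() {
    local key=$1 file=$2
    sed -n -E "s/^${key}:[[:space:]]*//p" "$file" | head -n 1 |
        sed -E "s/[[:space:]]+#.*$//; s/^[\"']//; s/[\"'][[:space:]]*$//"
}

# Emit drop-in content granting write access to each custom absolute path.
synapse_rw_dropin() {
    local file=$1 key path
    echo "[Service]"
    for key in media_store_path uploads_path; do
        path=$(yaml_scalar "$key" "$file")
        # Skip unset keys and relative paths: systemd expects absolute paths.
        case $path in
            /*) echo "ReadWritePaths=$path" ;;
        esac
    done | sort -u
}

# Constructed sample config (not from the thread); /srv/matrix is the
# directory named in the reply above.
sample_config() {
    cat <<'EOF'
server_name: "example.org"
media_store_path: "/srv/matrix/media_store"
uploads_path: /srv/matrix/uploads   # custom location
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
synapse_rw_dropin "$tmp"
rm -f "$tmp"
```

Paste the output into the editor opened by `systemctl edit synapse.service`, then restart the service so the new sandbox settings apply.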
