On 4/14/20 10:43 AM, Darrick J. Wong wrote: > From: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > > Somewhere between systemd 237 and 245, they changed the order in which a > job has its uid/gid set; capabilities applied; and working directory > set. Whereas before they did it in an order such that you could set the > working directory to a path inaccessible to 'nobody' (either because > they did it before changing the uid or after adding capabilities), now > they don't and users instead get a service failure: > > xfs_scrub@-boot.service: Changing to the requested working directory failed: Permission denied > xfs_scrub@-boot.service: Failed at step CHDIR spawning /usr/sbin/xfs_scrub: Permission denied > xfs_scrub@-boot.service: Main process exited, code=exited, status=200/CHDIR > > Regardless, xfs_scrub works just fine with PWD set to /, so remove that > directive. > > Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx> systemd is a black box to me but given this change is self contained and scrub is "experimental" let's go for it? ;) I'll pull this in. Reviewed-by: Eric Sandeen <sandeen@xxxxxxxxxx> > --- > scrub/xfs_scrub@xxxxxxxxxxx | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/scrub/xfs_scrub@xxxxxxxxxxx b/scrub/xfs_scrub@xxxxxxxxxxx > index 56acea67..6fb3f6ea 100644 > --- a/scrub/xfs_scrub@xxxxxxxxxxx > +++ b/scrub/xfs_scrub@xxxxxxxxxxx > @@ -5,7 +5,6 @@ Documentation=man:xfs_scrub(8) > > [Service] > Type=oneshot > -WorkingDirectory=%I > PrivateNetwork=true > ProtectSystem=full > ProtectHome=read-only >
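Review bot: The deletion of WorkingDirectory=%I under [Service] leaves nothing in the unit file to say why the directive is absent, so a later cleanup could reintroduce it and bring back the status=200/CHDIR failure quoted in the commit message. Consider a one-line comment above PrivateNetwork=true stating that the working directory is deliberately left at the default because the mount point may not be accessible to 'nobody' by the time systemd performs the chdir. The ExecStart line is outside the visible context, so it is also worth confirming that it passes the mount point explicitly and does not depend on the current directory.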