inetd/chroot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

On Thu, Mar 8, 2018 at 9:17 AM, Fisher, Charles J. (Top Echelon)
<Charles.Fisher at arconic.com> wrote:
> These are the units in question:
>
>      # cat /etc/systemd/system/yum.socket
>       [Unit]
>      Description=yum proxy
>
>       [Socket]
>      ListenStream=5865
>      Accept=yes
>
>       [Install]
>      WantedBy=sockets.target
>
>
>      # cat /etc/systemd/system/yum at .service
>       [Unit]
>      Description=yum proxy
>
>       [Service]
>      RootDirectory=/home/fwjail
>      ExecStart=-/usr/local/etc/http-gw
>      StandardInput=socket
>      User=nobody
>      Group=nobody
>
>
> Placing the toolkit component in /home/fwjail/usr/local/etc/http-gw, and
> attempting to start the socket fails:
>
>      # systemctl start yum.socket
>      Job for yum.socket failed. See "systemctl status yum.socket" and
> "journalctl -xe" for details.
>
> However, if I place any file at the corresponding location *outside of the
> chroot* the service will start normally.

Yes, I could reproduce this.

It happens while systemd tries to find the SELinux label of the binary.

I pushed a PR with a fix here:
https://github.com/systemd/systemd/pull/8405

Once it's merged, you might want to ask the maintainers of your distro
to backport it...

Cheers!
Filipe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4851 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20180308/21df873e/attachment-0001.bin>
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux