BindReadOnlyPaths statement in service file behaves unexpectedly

In a service file I am creating I use the BindReadOnlyPaths statement like this:


root@htpc:~# cat /etc/systemd/system/vpn.service
[Unit]
Before = systemd-networkd.service
After = network-setup.service
Requisite = network-setup.service
ConditionPathExists = /run/systemd/network/50-tap_vpn.network

[Service]
Type = exec
TemporaryFileSystem = /etc
BindReadOnlyPaths = /etc/ssh
BindReadOnlyPaths = /etc/wpa_supplicant
BindReadOnlyPaths = /etc/dhcp
BindReadOnlyPaths = /etc/passwd
BindReadOnlyPaths = /etc/hosts
BindReadOnlyPaths = /etc/nsswitch.conf
NetworkNamespacePath = /run/netns/vpnlink
ExecStart = sh -c 'wpa_supplicant -B -i wlan_usb -c /etc/wpa_supplicant/wpa_supplicant.conf; \
            dhclient -4 wlan_usb; \
            ssh -4 -i ~/.ssh/config-vpn -P vpn sarkovy'

[Install]
WantedBy = multi-user.target


The man page for systemd.exec states:

       BindPaths=, BindReadOnlyPaths=
Configures unit-specific bind mounts. A bind mount makes a particular file or directory available at an additional place in the unit's view of the file system...

However, while the bind mounts for directories seem to work, those for individual files do not. I get complaints about systemd being unable to create the required mount points:

root@htpc:~# systemctl status vpn.service | cat
× vpn.service
     Loaded: loaded (/etc/systemd/system/vpn.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: failed (Result: exit-code) since Thu 2024-07-18 16:21:25 CEST; 27s ago
    Process: 1597 ExecStart=sh -c wpa_supplicant -B -i wlan_usb -c /etc/wpa_supplicant/wpa_supplicant.conf; dhclient -4 wlan_usb; ssh -4 -i ~/.ssh/config-vpn -P vpn sarkovy (code=exited, status=226/NAMESPACE)
   Main PID: 1597 (code=exited, status=226/NAMESPACE)
        CPU: 10ms

Jul 18 16:21:25 htpc systemd[1]: Starting vpn.service...
Jul 18 16:21:25 htpc (sh)[1597]: Failed to create destination mount point node '/run/systemd/mount-rootfs/etc/hosts', ignoring: Permission denied
Jul 18 16:21:25 htpc (sh)[1597]: Failed to mount /etc/hosts to /run/systemd/mount-rootfs/etc/hosts: No such file or directory
Jul 18 16:21:25 htpc (sh)[1597]: vpn.service: Failed to set up mount namespacing: /etc/hosts: No such file or directory
Jul 18 16:21:25 htpc systemd[1]: vpn.service: Main process exited, code=exited, status=226/NAMESPACE
Jul 18 16:21:25 htpc systemd[1]: vpn.service: Failed with result 'exit-code'.
Jul 18 16:21:25 htpc systemd[1]: Failed to start vpn.service.

Is there anything I am doing wrong?
