Re: Escaping path in run0 option argument

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Mar 13, 2025 at 4:54 PM Daniel Hast <hast.daniel@xxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> I'm working on a shell script that makes use of run0, and I'm having trouble figuring out how to escape a file path in the --property option. I want to use --property="ProtectSystem=strict" and --property="ReadWritePaths=[...]" to limit the transient service unit's write access to only the files it needs access to (as a sandboxing measure), but one of the paths comes from user input and could have any characters that are valid in a file path (including spaces and, in principle, any Unicode characters except NUL), so it needs to be escaped.
>
> I'm aware of systemd-escape but I'm unsure of how to use it with arguments to run0; if I simply do something like --property="ReadWritePaths=$(systemd-escape --path "$filename")", I get an error: "Failed to start transient service unit: Invalid ReadWritePaths". But if I pass in an unescaped filename with spaces, I also get this error. What's the right way to do this?

Yes, the rules are not apparently documented.

Looking in sources, the values are quoted using '...' or "...". My
understanding is that '\' can be used to escape quote character
itself.
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux