Skip to content

Allow read access to user home dir in the systemd unit #2734

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 25, 2022
Merged

Allow read access to user home dir in the systemd unit #2734

merged 3 commits into from
Nov 25, 2022

Conversation

tobim
Copy link
Member

@tobim tobim commented Nov 24, 2022

In case the XDG config directory of the vast user is not in /var/lib/vast the sandboxing configuration of the unit would deny access to the configuration files in that place, causing the main process to exit.

In theory the config directory may be outside of the home directory, but systemd has no mechanism to specify that, so we make the home dir read only instead.

@tobim
Allow read access to user home dir in the systemd unit
bd1c32f 
In case the XDG config directory of the vast user is not in
`/var/lib/vast` the sandboxing configuration of the unit would
deny access to the configuration files in that place, causing
the main process to exit.

In theory the config directory may be outside of the home directory,
but systemd has no mechanism to specify that, so we make the home
dir read only instead.
@tobim tobim added the bug Incorrect behavior label Nov 24, 2022
dominiklohmann
dominiklohmann approved these changes Nov 24, 2022
View reviewed changes
Copy link
Member

@dominiklohmann dominiklohmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ready to go modulo changelog entry! Thanks for fixing this so quickly

@tobim tobim enabled auto-merge November 24, 2022 15:28
@tobim tobim force-pushed the topic/config-search-path-permission-denied branch from bf9e3bc to 44050d9 Compare November 25, 2022 10:46
@tobim tobim merged commit 9e9f410 into master Nov 25, 2022
@tobim tobim deleted the topic/config-search-path-permission-denied branch November 25, 2022 18:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mavam mavam mavam left review comments

@dominiklohmann dominiklohmann dominiklohmann approved these changes

Assignees
No one assigned
Labels
bug Incorrect behavior
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tobim @mavam @dominiklohmann