Closes #35788
This gives access to credentials within ExecCondition=. As described in
ticket #35788, I do have a use-case for this and as noted in the
commit that dropped this[1], this is OK to be revisited if there are
use-cases.
[1]
a145623bc403e410f41808a8e5cb31d29a52567c
/* All start phases get access to credentials. ExecStartPre= gets a new credential store upon
* every invocation, so that updating credential files through it works. When the first main process
* starts, passed creds become stable. Also see 'cred_flag'. */
+ if (command_id == SERVICE_EXEC_CONDITION)
+ flags |= EXEC_SETUP_CREDENTIALS;
if (command_id == SERVICE_EXEC_START_PRE)
flags |= EXEC_SETUP_CREDENTIALS_FRESH;
if (command_id == SERVICE_EXEC_START_POST)
--service-type=oneshot --wait --pipe \
true | cmp /etc/os-release
+# https://github.com/systemd/systemd/issues/35788
+systemd-run -p DynamicUser=yes -p 'LoadCredential=os:/etc/os-release' \
+ -p 'ExecCondition=systemd-creds cat os' \
+ --unit=test-54-exec-condition.service \
+ --service-type=oneshot --wait --pipe \
+ true | cmp /etc/os-release
+
# https://github.com/systemd/systemd/pull/24734#issuecomment-1925440546
# Also ExecStartPre= should be able to update creds
dd if=/dev/urandom of=/tmp/cred-huge bs=600K count=1
projects / thirdparty / systemd.git / commitdiff
