Otherwise, if /dev/shm has a directory that cannot be accessible by
unprivileged user, then we cannot pick a dynamic user, and test service
may fail with unexpected error code:
---
Failed to enter shared memory directory /dev/shm/systemd-watch-bind-BqAGlN: Permission denied
exec-dynamicuser-supplementarygroups.service: Failed to update dynamic user credentials: Device or resource busy
exec-dynamicuser-supplementarygroups.service: Failed at step USER spawning /bin/sh: Device or resource busy
src/test/test-execute.c:885:test_exec_dynamicuser: exec-dynamicuser-supplementarygroups.service: can_unshare=no: exit status 217, expected 216
---
Follow-up for
4e032f654b94c2544ccf937209303766dfa66c24.
assert_se(mkdir_p(PRIVATE_UNIT_DIR, 0755) >= 0);
/* Mount tmpfs on the following directories to make not StateDirectory= or friends disturb the host. */
- FOREACH_STRING(p, "/root", "/tmp", "/var/tmp", "/var/lib", PRIVATE_UNIT_DIR)
+ FOREACH_STRING(p, "/dev/shm", "/root", "/tmp", "/var/tmp", "/var/lib", PRIVATE_UNIT_DIR)
assert_se(mount_nofollow_verbose(LOG_DEBUG, "tmpfs", p, "tmpfs", MS_NOSUID|MS_NODEV, NULL) >= 0);
/* Copy unit files to make them accessible even when unprivileged. */
projects / thirdparty / systemd.git / commitdiff
