[Pkg-matrix-maintainers] Bug#977430: matrix-synapse: please make service file not call python3 directly

Russell Coker russell at coker.com.au
Tue Dec 15 00:49:45 GMT 2020 

Package: matrix-synapse
Version: 1.24.0-1~bpo10+1
Severity: normal

The matrix-synapse.service file calls python3 directly for ExecStartPre and
ExecStart.  That means that when running SE Linux the daemon will get the
same context as all other instances of python3 being run (IE not a special
context for this daemon) and also it means that if the sysadmin wants to
change the start command there is no good way to do it as "systemctl edit"
doesn't allow overriding those 2 lines.

It would give more flexibility for all sysadmins if scripts under /usr/sbin
or /etc/matrix-synapse were used for these as well as making it easier to
run with SE Linux.

-- System Information:
Debian Release: 10.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-13-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default

Versions of packages matrix-synapse depends on:
ii  adduser                    3.118
ii  debconf [debconf-2.0]      1.5.71
ii  init-system-helpers        1.56+nmu1
ii  libjs-jquery               3.3.1~dfsg-3
ii  libpython3-stdlib          3.7.3-1
ii  lsb-base                   10.2019051400
ii  perl                       5.28.1-6+deb10u1
ii  python3                    3.7.3-1
ii  python3-attr               19.3.0-3~bpo10+1
ii  python3-bcrypt             3.1.6-1
ii  python3-bleach             3.1.2-0+deb10u1
ii  python3-canonicaljson      1.4.0-1~bpo10+1
ii  python3-distutils          3.7.3-1
ii  python3-frozendict         1.2-1
ii  python3-idna               2.6-1
ii  python3-jinja2             2.10-2
ii  python3-jsonschema         2.6.0-4
ii  python3-lxml               4.3.2-1+deb10u1
ii  python3-msgpack            0.5.6-1+b1
ii  python3-nacl               1.3.0-2
ii  python3-netaddr            0.7.19-1
ii  python3-openssl            19.0.0-1
ii  python3-phonenumbers       8.9.10-1
ii  python3-pil                5.4.1-2+deb10u2
ii  python3-prometheus-client  0.6.0-1
ii  python3-pyasn1             0.4.2-3
ii  python3-pyasn1-modules     0.2.1-0.2
ii  python3-pymacaroons        0.13.0-2
ii  python3-service-identity   18.1.0-5~bpo10+1
ii  python3-signedjson         1.1.0-1~bpo10+1
ii  python3-sortedcontainers   2.0.4-1
ii  python3-systemd            234-2+b1
ii  python3-treq               18.6.0-0.1
ii  python3-twisted            18.9.0-8~bpo10+1
ii  python3-typing-extensions  3.7.4.1-1~bpo10+1
ii  python3-unpaddedbase64     1.1.0-4
ii  python3-yaml               3.13-2

Versions of packages matrix-synapse recommends:
pn  python3-psycopg2  <none>

Versions of packages matrix-synapse suggests:
pn  python3-txacme  <none>

-- Configuration Files:
/etc/matrix-synapse/homeserver.yaml changed [not included]

-- debconf information excluded

More information about the Pkg-matrix-maintainers mailing list