Bug#781730: systemd: Instance variable %i not available for ReadWriteDirectories
Michael Biebl
biebl at debian.org
Thu Apr 2 11:31:36 BST 2015
Hi Bernhard,
On 02.04.2015 at 11:07, Bernhard Schmidt wrote:
> We're trying to run multiple DHCP processes on one system. They have
> their data in an instance-specific configuration directory and we'd like
> to limit (r/w for now) filesystem access to that directory for security
> reasons.
>
> ==> dhcpd@.service <==
> [Unit]
> Description=DHCP Instance %i
> After=syslog.target
> After=network.target
>
> [Service]
> ExecStart=/usr/sbin/dhcpd -cf /var/lib/dhcp/%i/etc/dhcpd.conf -lf /var/lib/dhcp/%i/db/dhcpd.leases -pf /var/lib/dhcp/%i/dhcpd.pid -f
> Type=simple
> Restart=on-failure
> CapabilityBoundingSet=CAP_NET_RAW CAP_NET_BIND_SERVICE
> NoNewPrivileges=true
> ReadOnlyDirectories=/
> ReadWriteDirectories=/var/lib/dhcp/%i
>
> This does not work
This looks like a reasonable request. Could you file a bug upstream and
let us know about the bug number?
Thanks,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?