lichess-org/fishnet

Generated systemd service file resulted in read-only filesystem errors

zagaberoo opened this issue · 2 comments

When I set up fishnet to run on my Debian server, it crashed on start due to systemd sandboxing making fishnet's view of its working directory read-only.

Adding a ReadWriteDirectories line to the [Service] section fixed it and was necessary even in the face of the WorkingDirectory line already included by default.

Here are the relevant version infos:

Debian GNU/Linux 8 \n \l

systemd 215
+PAM +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP -APPARMOR

And here's the resulting config that worked, with my added line separated for clarity:

[Unit]
Description=Fishnet instance
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/bin/python -m fishnet --conf /usr/local/fishnet/fishnet.ini run
WorkingDirectory=/usr/local/fishnet
User=fishnet
Group=fishnet
Nice=5
CapabilityBoundingSet=
PrivateTmp=true
PrivateDevices=true
DevicePolicy=closed
ProtectSystem=full
NoNewPrivileges=true
Restart=always

ReadWriteDirectories=/usr/local/fishnet

[Install]
WantedBy=multi-user.target

Thanks, excellent bug report!

Glad to contribute to an awesome project!
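
The failure reported in this issue can be caught before deployment with a static check of the unit file; the following is an added example, not part of the thread or of fishnet's code. It assumes the read-only paths that systemd.exec(5) documents for ProtectSystem= and models only that setting and the read-write list (ReadWriteDirectories=, renamed ReadWritePaths= in systemd 231); all function names are hypothetical.

```python
import posixpath

BASE_RO = ["/usr", "/boot", "/efi"]  # read-only under ProtectSystem=true
RO_BY_MODE = {"true": BASE_RO, "full": BASE_RO + ["/etc"], "strict": ["/"]}
RW_KEYS = ("ReadWriteDirectories", "ReadWritePaths")  # old and current names

def parse_service(text):
    """Collect [Service] settings as {key: [values]}; 'Key=' resets the list."""
    settings, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = settings.get(key, []) + [value] if value else []
    return settings

def under(path, parent):
    """True if path equals parent or lies beneath it."""
    path, parent = posixpath.normpath(path), posixpath.normpath(parent)
    return parent == "/" or path == parent or path.startswith(parent + "/")

def working_dir_is_read_only(unit_text):
    """True if ProtectSystem= covers WorkingDirectory= and nothing re-opens it."""
    s = parse_service(unit_text)
    mode = (s.get("ProtectSystem") or ["false"])[-1].lower()
    mode = "true" if mode in ("1", "yes", "on") else mode
    workdir = (s.get("WorkingDirectory") or [""])[-1].lstrip("-")
    if not workdir.startswith("/") or mode not in RO_BY_MODE:
        return False
    rw = [p.lstrip("-+") for k in RW_KEYS for v in s.get(k, []) for p in v.split()]
    protected = any(under(workdir, ro) for ro in RO_BY_MODE[mode])
    return protected and not any(under(workdir, p) for p in rw)

# Constructed inputs: the relevant lines of the unit in the issue, before/after.
GENERATED = "[Service]\nWorkingDirectory=/usr/local/fishnet\nProtectSystem=full\n"
FIXED = GENERATED + "ReadWriteDirectories=/usr/local/fishnet\n"

if __name__ == "__main__":
    for name, unit in (("generated", GENERATED), ("fixed", FIXED)):
        print(name, "read-only working directory:", working_dir_is_read_only(unit))
```

The check flags the generated unit because /usr/local/fishnet sits under /usr, and it passes once the working directory is listed as read-write; a working directory outside the protected paths, such as one under /var/lib, would not need the extra line under ProtectSystem=full.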