Generated systemd service file resulted in read-only filesystem errors
zagaberoo opened this issue · 2 comments
zagaberoo commented
When I set up fishnet to run on my Debian server, it crashed on start due to systemd sandboxing making fishnet's view of its working directory read-only. Adding a ReadWriteDirectories line to the [Service] section fixed it and was necessary even in the face of the WorkingDirectory line already included by default.
Here are the relevant version infos:
Debian GNU/Linux 8 \n \l
systemd 215
+PAM +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP -APPARMOR
And here's the resulting config that worked, with my added line separated for clarity:
[Unit]
Description=Fishnet instance
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/usr/bin/python -m fishnet --conf /usr/local/fishnet/fishnet.ini run
WorkingDirectory=/usr/local/fishnet
User=fishnet
Group=fishnet
Nice=5
CapabilityBoundingSet=
PrivateTmp=true
PrivateDevices=true
DevicePolicy=closed
ProtectSystem=full
NoNewPrivileges=true
Restart=always

ReadWriteDirectories=/usr/local/fishnet
[Install]
WantedBy=multi-user.target
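
A pre-deployment check for the condition reported above, as an added example that is not part of the original issue or of fishnet's code: it parses a unit's [Service] section and reports when WorkingDirectory falls under a directory that ProtectSystem mounts read-only without a covering ReadWriteDirectories (or ReadWritePaths, its later name) entry. The function names and the shortened sample units are assumptions made for the example; the read-only directory list follows the systemd.exec documentation.

```python
import posixpath

# Directories that ProtectSystem= mounts read-only, per systemd.exec(5).
BASE = ["/usr", "/boot", "/efi"]
PROTECTED = {"true": BASE, "yes": BASE, "on": BASE, "1": BASE,
             "full": BASE + ["/etc"], "strict": ["/"]}
# ReadWriteDirectories= is the older name of ReadWritePaths=.
RW_KEYS = ("ReadWriteDirectories", "ReadWritePaths")

# Constructed sample: the sandbox-relevant lines of the unit in this issue,
# without and with the reporter's added line.
GENERATED = """[Service]
WorkingDirectory=/usr/local/fishnet
PrivateTmp=true
ProtectSystem=full
"""
FIXED = GENERATED + "ReadWriteDirectories=/usr/local/fishnet\n"


def parse_service(unit_text):
    """Collect [Service] settings as {key: [values...]}; keys may repeat."""
    section, settings = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings.setdefault(key.strip(), []).append(value.strip())
    return settings


def is_under(path, parent):
    """True when path equals parent or lies below it."""
    path, parent = posixpath.normpath(path), posixpath.normpath(parent)
    return parent == "/" or path == parent or path.startswith(parent + "/")


def working_dir_read_only(unit_text):
    """Return the read-only mount covering WorkingDirectory=, else None."""
    s = parse_service(unit_text)
    workdir = (s.get("WorkingDirectory") or [None])[-1]
    mode = (s.get("ProtectSystem") or ["no"])[-1].lower()
    # Entries may carry a "-" or "+" prefix; strip it before comparing.
    writable = [p.lstrip("-+") for k in RW_KEYS
                for v in s.get(k, []) for p in v.split()]
    if not workdir or any(is_under(workdir, p) for p in writable):
        return None
    return next((ro for ro in PROTECTED.get(mode, [])
                 if is_under(workdir, ro)), None)
```

Run against a generated unit before installing it: a non-None result names the read-only mount that will cover the service's working directory.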
niklasf commented
Thanks, excellent bug report!
zagaberoo commented
Glad to contribute to an awesome project!