christgau / wsdd

A Web Service Discovery host daemon.
MIT License

chroot settings in /lib/systemd/system/wsdd.service - solved with solution #133

Closed gilarelli closed 2 years ago

gilarelli commented 2 years ago

Hi,

I don't know if this issue has already been brought up or if it is even an issue, but this line of the .service file didn't work for me: `ExecStartPre=/usr/bin/install -d -o daemon -g daemon -m 0700 /run/wsdd/chroot` --> it seems that I didn't have the rights to create a folder in /run with the user I chose (daemon:daemon) to run it.

Here is the solution I came up with:

```ini
[Service]
Type=simple
EnvironmentFile=/etc/wsdd.conf
ExecStart=/usr/bin/wsdd $WSDD_PARAMS
User=daemon
Group=daemon
; The following lines can be used for a chroot execution of wsdd.
; Also append '--chroot /run/wsdd' to ExecStart to enable chrooting
AmbientCapabilities=CAP_SYS_CHROOT
RuntimeDirectory=wsdd
RuntimeDirectoryMode=0700
```

So: each time the service is started, it will create the folder /run/wsdd and remove it when stopped. Don't forget to add --chroot /run/wsdd in the wsdd.conf file!

Here you can find more information about this specific setting.

Thanks for this great tool btw! Cheers!

Edit: OK - just saw that you modified the .service file here... My little contribution would be to set the folder rights to 0700 then!
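As an added example (not part of this issue and not the project's own service file), here is a complete unit built around the `RuntimeDirectory=` approach from the comment above, with comments explaining why the original `ExecStartPre=/usr/bin/install` line fails under `User=daemon`. The `[Unit]` and `[Install]` sections, and passing `--chroot /run/wsdd` directly on `ExecStart` instead of via wsdd.conf, are assumptions; the paths and the `WSDD_PARAMS` variable are taken from the snippet in the issue.

```ini
# Added example, not the project's own wsdd.service.
[Unit]
Description=Web Services Dynamic Discovery host daemon
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
EnvironmentFile=/etc/wsdd.conf
# --chroot given here so it cannot be forgotten in wsdd.conf (assumption).
ExecStart=/usr/bin/wsdd $WSDD_PARAMS --chroot /run/wsdd
User=daemon
Group=daemon

# Why ExecStartPre=/usr/bin/install -d -o daemon -g daemon ... /run/wsdd failed:
# User= and Group= apply to ExecStartPre= too, so the command ran as
# daemon:daemon, which may not create directories under /run. (A '+' prefix on
# the command would run it as root, but letting systemd own the directory is
# the least-privilege option and needs no privileged helper at all.)
#
# systemd creates /run/wsdd owned by User=/Group= with the given mode before
# ExecStart runs and removes it when the unit stops, so nothing is left behind.
RuntimeDirectory=wsdd
RuntimeDirectoryMode=0700

# Only capability the unprivileged daemon user needs to call chroot(2).
AmbientCapabilities=CAP_SYS_CHROOT

[Install]
WantedBy=multi-user.target
```

After editing, run `systemctl daemon-reload` and restart the unit; `systemctl status wsdd` will show whether the chroot directory was created and the process started as the daemon user.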

christgau commented 2 years ago

> I don't know if this issue has already been brought up or if it is even an issue, but this line of the .service file didn't work for me

This has already been addressed in c62f7a3c04d4da77baddd7f326d798c389c33e7b and in #109. It has also been released with v0.7.0, so you may consider updating. However, the service file is regarded as an example and might be adjusted to individual or distribution needs.

> Thanks for this great tool btw!

Thanks.

> Edit: OK - just saw that you modified the .service file here... My little contribution would be to set the folder rights to 0700 then!

Ah. Saw your edit after writing my reply. 😉

Closing the issue.