Open winterqt opened 2 years ago
According to systemd.exec(5):
If DynamicUser= is used, the logic for CacheDirectory=, LogsDirectory= and StateDirectory= is slightly altered: the directories are created below /var/cache/private, /var/log/private and /var/lib/private, respectively, which are host directories made inaccessible to unprivileged users, which ensures that access to these directories cannot be gained through dynamic user ID recycling. Symbolic links are created to hide this difference in behaviour. Both from perspective of the host and from inside the unit, the relevant directories hence always appear directly below /var/cache, /var/log and /var/lib.
So you might want to persist /var/lib/private/<state directory name>.
Can confirm persisting /var/lib/private/<state directory name> works, thanks @linyinfeng!
When using systemd's DynamicUser and StateDirectory options together, and trying to persist /var/lib/<service name>, the service fails to start because systemd expects the directory not to exist in order to set up the directory. This is obviously incompatible with how we bind mount the directory, but a simple solution for this issue doesn't come to mind. This may be unfixable, but I figured I'd open an issue in case anyone has any ideas.
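An added example, not part of the original thread or of any project's code: a shell check of the layout the systemd.exec(5) excerpt describes, so a persistence setup can be verified after the fact. The function name, return codes and the ROOT prefix argument are assumptions made for this sketch, and it relies on GNU `stat -c` and `readlink -f`.

```shell
#!/bin/sh
# Added example: verify the DynamicUser= state directory layout under ROOT.
# Return codes (assumed for this sketch): 0 ok, 1 private dir exposed,
# 2 public path is not the expected symlink, 3 private state dir missing.
check_state_dir() {
    root=$1
    name=$2
    priv="$root/var/lib/private"
    pub="$root/var/lib/$name"

    # /var/lib/private must be a real directory with no group/other access,
    # otherwise a recycled dynamic UID could reach another unit's old state.
    if [ ! -d "$priv" ] || [ -L "$priv" ]; then
        echo "FAIL: $priv is not a real directory" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$priv") || return 1
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $priv has mode $mode, group/other bits set" >&2
        return 1
    fi

    # The data itself lives in private/<name>; this is the path to persist.
    if [ ! -d "$priv/$name" ]; then
        echo "FAIL: $priv/$name does not exist" >&2
        return 3
    fi

    # The public path must be a symlink into private/, not a directory or
    # bind mount (the situation the issue reports).
    if [ ! -L "$pub" ]; then
        echo "FAIL: $pub is not a symlink" >&2
        return 2
    fi
    if [ "$(readlink -f "$pub")" != "$(readlink -f "$priv/$name")" ]; then
        echo "FAIL: $pub does not resolve to $priv/$name" >&2
        return 2
    fi
    echo "OK: $pub -> private/$name, $priv mode $mode"
}

# Usage: sh check.sh ROOT NAME   (ROOT is "" for the live system)
if [ "$#" -eq 2 ]; then
    check_state_dir "$1" "$2"
fi
```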