sentriz / gonic

music streaming server / free-software subsonic server API implementation
ircs://irc.libera.chat/#gonic
GNU General Public License v3.0

panic: get user cache dir: neither $XDG_CACHE_HOME nor $HOME are defined #391

Closed Glandos closed 8 months ago

Glandos commented 9 months ago

gonic version: 0.16

if from docker, docker tag:
if from source, git tag/branch: b17e76ea730e213d99a164c8ddff2c4b951f7f1f

It seems that a669ba8598381016a8b1ca8c551eb5d6d35b1c90 introduced os.UserCacheDir() which fails.

I expect gonic to use cache-path from the configuration.

sentriz commented 9 months ago

oh interesting. which OS?

Glandos commented 9 months ago

Debian/testing, but I think that this "particular setup" comes from my systemd unit:

root@belette64/u/l/bin> systemctl cat gonic.service
# /etc/systemd/system/gonic.service
[Unit]
Description=Gonic Subsonic API server
After=network.target

[Service]
Type=simple
DynamicUser=yes
Group=nas

StateDirectory=gonic
CacheDirectory=gonic
ConfigurationDirectory=gonic

Restart=on-failure
RestartSec=10

ExecStart=/usr/local/bin/gonic -config-path /etc/gonic/config

MemoryDenyWriteExecute=true

# See https://github.com/sentriz/gonic/issues/391
Environment=XDG_CACHE_HOME=/var/cache/gonic/

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/gonic.service.d/00security.conf
[Service]
SystemCallFilter=@system-service
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=strict
PrivateUsers=yes
PrivateTmp=yes
NoNewPrivileges=yes
ProtectClock=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProcSubset=pid
CapabilityBoundingSet=
RestrictRealtime=yes
ProtectHostname=yes
RestrictNamespaces=yes
LockPersonality=yes
RestrictSUIDSGID=yes
ProtectControlGroups=yes
RemoveIPC=yes
SystemCallArchitectures=native

Adding the Environment= line makes it happy though :)

sentriz commented 9 months ago

hm I suppose that since you created a specific gonic user without a home dir, there was no xdg cache dir found.

yeah I think you're right that reusing the cache-path for the MPV socket is best, since it's required to be defined
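
The fallback discussed in this thread, as an added Go example that is not gonic's code and not written by anyone in the thread: prefer the configured cache path, return an error instead of panicking when os.UserCacheDir() fails, and refuse a socket directory that other local users can write to. The helper name `mpvSocketPath`, the socket file name `mpv.sock` and the `gonic` subdirectory are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// mpvSocketPath (hypothetical helper) picks the directory for a local IPC
// socket. It prefers the configured cache path and only falls back to the
// per-user cache dir, returning an error rather than panicking.
func mpvSocketPath(configuredCachePath string) (string, error) {
	dir := configuredCachePath
	if dir == "" {
		// Fails when neither $XDG_CACHE_HOME nor $HOME is set, as in the
		// DynamicUser=yes unit from the thread.
		userCache, err := os.UserCacheDir()
		if err != nil {
			return "", fmt.Errorf("no cache path configured: %w", err)
		}
		dir = filepath.Join(userCache, "gonic")
	}
	// Create with 0700 if missing; MkdirAll leaves an existing dir's mode alone.
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", fmt.Errorf("create socket dir: %w", err)
	}
	info, err := os.Stat(dir)
	if err != nil {
		return "", fmt.Errorf("stat socket dir: %w", err)
	}
	// Refuse a group- or world-writable directory: another local user could
	// replace the socket file there.
	if info.Mode().Perm()&0o022 != 0 {
		return "", fmt.Errorf("socket dir %s is writable by group/others (%v)", dir, info.Mode().Perm())
	}
	return filepath.Join(dir, "mpv.sock"), nil // "mpv.sock" is an assumed name
}

func main() {
	// Reproduce the environment of the unit in the thread: no HOME, no XDG_CACHE_HOME.
	os.Unsetenv("HOME")
	os.Unsetenv("XDG_CACHE_HOME")
	if _, err := mpvSocketPath(""); err != nil {
		fmt.Println("without cache-path:", err)
	}
	tmp, _ := os.MkdirTemp("", "gonic-example") // constructed sample directory
	defer os.RemoveAll(tmp)
	p, err := mpvSocketPath(filepath.Join(tmp, "cache"))
	fmt.Println("with cache-path:", p, err)
}
```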