cookiez/pam-fprint-grosshack
1
0
Fork 0
mirror of https://gitlab.com/mishakmak/pam-fprint-grosshack.git synced 2026-04-08 20:03:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

data: tell systemd to create state directory

Browse Source 
If the directory referred to by ReadWritePaths= does not exist, the
service fails to start:

    systemd[1]: Starting Fingerprint Authentication Daemon...
    systemd[9736]: fprintd.service: Failed to set up mount namespacing: No such file or directory
    systemd[9736]: fprintd.service: Failed at step NAMESPACE spawning /usr/lib/fprintd/fprintd: No such file or directory
    systemd[1]: fprintd.service: Main process exited, code=exited, status=226/NAMESPACE
    systemd[1]: fprintd.service: Failed with result 'exit-code'.
    systemd[1]: Failed to start Fingerprint Authentication Daemon.

This may happen when booting with an empty /var filesystem.

For a system service, "StateDirectory=fprint" causes /var/lib/fprint and
any parent directories to be created if missing (with mode 0755 by
default, owned by the user and group of the service, which in this case
is root).  In combination with ProtectSystem=strict, this state
directory will be mounted read-write.  StateDirectory was introduced in
systemd 235, so require at least this version.

The /var/lib prefix is hardcoded in systemd. (Since systemd 240, the
full path(s) to StateDirectory are provided as $STATE_DIRECTORY, but
since it is always /var/lib, we continue to just hardcode that path.)

On non-systemd systems, since fprintd runs as root with no confinement,
it can create its state directory as needed (with g_mkdir_with_parents()
in file_storage_print_data_save()).
This commit is contained in:
Will Thompson
2019-03-04 10:26:53 +00:00
committed by Will Thompson
parent 9ed8767cb3
commit 94a9815362
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -60,6 +60,8 @@ AC_ARG_WITH([systemdsystemunitdir],
[],
[with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)])
AS_IF([test "x$with_systemdsystemunitdir" != "xno"], [
# StateDirectory was introduced in systemd 235
PKG_CHECK_MODULES(SYSTEMD, systemd >= 235)
AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])
])
AM_CONDITIONAL(HAVE_SYSTEMD, [test -n "$systemdsystemunitdir"])

3
data/fprintd.service.in
View File

@ -11,7 +11,8 @@ ExecStart=@libexecdir@/fprintd
ProtectSystem=strict
ProtectKernelTunables=true
ProtectControlGroups=true
ReadWritePaths=/var/lib/fprint
# This always corresponds to /var/lib/fprint
StateDirectory=fprint
ProtectHome=true
PrivateTmp=true