-
-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
systemd's PermissionsStartOnly is deprecated #53852
Comments
For context, here are the docs that are now no longer there:
|
@nh2 in a lot of cases, the |
The change looks easy enough. I propose we target 19.09 to deprecate this option in the NixOS systemd module with a warning and fix all of our modules until then. |
@fpletz That sounds good to me. |
@aanderse From a quick look, the approach looks correct to me. I'd mention this issue in each commit message though so that people can easily find this issue from them. |
This issue has been mentioned on NixOS Discourse. There might be relevant details there: |
I'm trying to package a Django app, and need to make its How do I do that with |
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/systemd-services-should-allow-running-commands-as-root/5036/17 |
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/systemd-services-should-allow-running-commands-as-root/5036/18 |
I think a workaround for that is to use 1
|
If the user specificed in the unit owns the files in |
I marked this as stale due to inactivity. → More info |
This is not stale. There's still a lot of modules using |
For NixOS 23.05:
Based on the maintenance data in there:
This would bring us to 30 with non-explicit maintainers on them, I will try to look in the Git history when I have time. |
blackfire explictly removes it
I guess that should be fine :) |
Shame on me! :) Thank you! |
This should work as a drop-in replacement and satisfy NixOS#53852.
See systemd/systemd#10802:
PermissionsStartOnly
is deprecated (but not yet removed); the replacement are theSpecial executable prefixes
mentioned in https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=.We have many occurrences this in nixpkgs (as per commit ad23ea3):
It's not urgent, as it still works right now, but it's problematic that you can't any longer find any docs about a feature that we use almost everywhere.
Fixing it isn't totally trivial because
PermissionsStartOnly
is/was a separate setting, but with the new approach we actually have to write characters in front ofExecStartPre
lines and so on.Edit: Another key problem is that
serviceConfig
is an attrset, so you cannot use it to do what systemd allows: Creating multipleExecStart
lines (or similar lines) like:because in an attrset there can be only 1
ExecStart
. Edit: Likely workaround for that in #53852 (comment).The text was updated successfully, but these errors were encountered: