Revert to 'ProtectSystem=strict' in boinc-client.service and make '/tmp' writable #5977
Copilot wasn't able to review any files in this pull request.
Files not reviewed (1)
- client/scripts/boinc-client.service.in: Language not supported
@Germano0, @lfield, could you please review this PR?
Add '-/tmp' to 'ReadWritePaths'.
Done.
Add test for 'ProtectSystem=strict'.
LGTM. Tested.
I am against messing up for the n-th time with boinc-client systemd unit file unless URL of failed boinc working unit is being provided.
Also, in #4953 you were not using boinc-client systemd unit file, but a custom one
I don't agree with arguments like "I am against messing up for the n-th time ...". I remember the discussion #4953 you mentioned. The solution here is to make Whether the systemd service file is taken from the BOINC package or not is not relevant here.
BOINC volunteers running VirtualBox tasks on Linux occasionally report errors like this if BOINC runs as a systemd service:
Usually this can be tracked down to a too restrictive setting in BOINC's systemd file:
ProtectSystem=strict
In most cases experienced volunteers suggest to replace `strict` with `full`, run `systemctl daemon-reload` and restart BOINC.
This works since - unlike `strict` - `full` leaves `/tmp` writable for BOINC and its child processes.
The disadvantage is that it also leaves many other directories writable.
A better solution might be to leave `strict` and make `/tmp` writable which can be configured using `ReadWritePaths=`.
Background details
From the systemd manual
From the VirtualBox manual
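
A lint check for the configuration discussed in this PR, as an added example (not code from the PR or the BOINC project): it reads a unit file's `[Service]` section and reports when `ProtectSystem=` is weaker than `strict`, or is `strict` without `/tmp` in `ReadWritePaths=`. The function names and the sample units are constructed for illustration; the check looks only at these two directives in a single file and ignores drop-ins and line continuations.

```python
import shlex

def effective_settings(unit_text):
    """Return (ProtectSystem, ReadWritePaths list) as set in [Service]."""
    section, protect, rw_paths = None, None, []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ProtectSystem":
            protect = value               # a later assignment overrides
        elif key == "ReadWritePaths":
            # an empty assignment resets the list, otherwise entries accumulate
            rw_paths = rw_paths + shlex.split(value) if value else []
    return protect, rw_paths

def lint(unit_text):
    """Return findings for the /tmp problem discussed in this PR."""
    protect, rw_paths = effective_settings(unit_text)
    if protect != "strict":
        return [f"ProtectSystem={protect or 'unset'} is weaker than strict"]
    # '-' (ignore if missing) and '+' (relative to unit root) are prefixes
    paths = {p.lstrip("-+").rstrip("/") or "/" for p in rw_paths}
    if "/tmp" not in paths and "/" not in paths:
        return ["ProtectSystem=strict but /tmp is not in ReadWritePaths"]
    return []

# Constructed sample units (not the project's boinc-client.service.in)
WORKAROUND = "[Service]\nProtectSystem=full\n"
STRICT_ONLY = "[Service]\nProtectSystem=strict\n"
FIXED = "[Service]\nProtectSystem=strict\nReadWritePaths=-/tmp\n"

if __name__ == "__main__":
    samples = [("workaround", WORKAROUND), ("strict only", STRICT_ONLY),
               ("fixed", FIXED)]
    for name, unit in samples:
        print(name, "->", lint(unit) or "ok")
```

On a running host, `systemctl show boinc-client -p ProtectSystem -p ReadWritePaths` prints the values systemd actually applied, including any drop-ins this file-level check does not see.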