Merge pull request #30712 from peterhoeg/f/service

systemd user services shouldn't run as root and other "non-interactive" users
Peter Hoeg 2019-08-02 11:58:27 +08:00 committed by GitHub
commit f2639566b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 3 additions and 0 deletions


@ -235,6 +235,7 @@ in
systemd.user.services.ssh-agent = mkIf cfg.startAgent systemd.user.services.ssh-agent = mkIf cfg.startAgent
{ description = "SSH Agent"; { description = "SSH Agent";
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
unitConfig.ConditionUser = "!@system";
serviceConfig = serviceConfig =
{ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent"; { ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
ExecStart = ExecStart =
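Review bot: The added `unitConfig.ConditionUser = "!@system";` has no comment explaining it, and a failed condition makes systemd skip the unit quietly rather than report a failure, so root or any other system-range account gets no agent and no error. The same line is added without explanation in the kbfs and keybase sections further down. I would put a comment above it in each place, e.g. `# not started for root and other system users; a failed Condition* is a silent skip, not an error`. If the module also exports SSH_AUTH_SOCK for every session (not visible in this hunk), the variable would point at a socket that is never created for those accounts, which is worth stating in the startAgent option description. The attribute set continues outside the hunk.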


@ -48,6 +48,7 @@ in {
requires = [ "keybase.service" ]; requires = [ "keybase.service" ];
after = [ "keybase.service" ]; after = [ "keybase.service" ];
path = [ "/run/wrappers" ]; path = [ "/run/wrappers" ];
unitConfig.ConditionUser = "!@system";
serviceConfig = { serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${cfg.mountPoint}"; ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${cfg.mountPoint}";
ExecStart = "${pkgs.kbfs}/bin/kbfsfuse ${toString cfg.extraFlags} ${cfg.mountPoint}"; ExecStart = "${pkgs.kbfs}/bin/kbfsfuse ${toString cfg.extraFlags} ${cfg.mountPoint}";


@ -26,6 +26,7 @@ in {
systemd.user.services.keybase = { systemd.user.services.keybase = {
description = "Keybase service"; description = "Keybase service";
unitConfig.ConditionUser = "!@system";
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${pkgs.keybase}/bin/keybase service --auto-forked ${pkgs.keybase}/bin/keybase service --auto-forked