Bug ID 966223
Summary Permission denied if run as systemd service
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.1
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Basesystem
Assignee bnc-team-screening@forge.provo.novell.com
Reporter fvogt@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Running openQA on Leap 42.1.
openqa workers are started with the following service file:

> [Unit]
> Description=openQA Worker #%i
> Wants=apache2.service openqa-webui.service network.target
> After=apache2.service openqa-webui.service network.target openqa-slirpvde.service
> PartOf=openqa-worker.target
> 
> [Service]
> Type=simple
> PermissionsStartOnly=True
> ExecStartPre=/usr/bin/install -d -m 0755 -o %u /var/lib/openqa/pool/%i
> ExecStart=/usr/share/openqa/script/worker --instance %i
> User=_openqa-worker
> KillMode=mixed
> 
> [Install]
> WantedBy=multi-user.target

So the perl script is started as _openqa-worker user.
This works fine for normal use, but if networking (VDE or OVS) is enabled, it
causes various permission denied errors.
Currently it's failing when trying to execute a binary (vdecmd/unixcmd), for no
apparent reason. Before that it failed when accessing tapX IFs.

As those didn't make any sense (Owner of the files/taps was _openqa-worker) I
tried starting the workers manually with "sudo -u _openqa-worker", which works
just fine.

Is this a configuration issue (what's the difference between
"User=_openqa-worker" and "sudo -u _openqa-worker"?) or a genuine bug?

You are receiving this mail because: