Christian Wittmer changed bug 1227092
What    Removed    Added
Flags              needinfo?(timuzhti@gmail.com)
CC                 timuzhti@gmail.com

Comment # 2 on bug 1227092 from Christian Wittmer
(In reply to Muzhi Tian from comment #0)
> This is a pretty minor issue but without WorkingDirectory= set, the
> ExecStop= command (/usr/bin/boinccmd --quit) does not actually function
> because it can't find the gui_rpc_auth.cfg file. This causes the unit to
> report failure every time it's stopped.
> 
> According to documentation, boinccmd checks three places for the password
> (it doesn't have a --datadir option). Changing the working directory to
> either /var/lib/boinc or ~ (which is the same thing by default) seems to be
> the easiest way to resolve this, since /etc/boinc-client/ and
> /var/lib/boinc-client are not used by default.
> 
> I'm not really sure which of the two options would be better. Using the home
> directory of the boinc user would probably make it easier to reconfigure to
> another directory, but I'm not sure that's worth it. It might be even better
> to somehow pull $BOINC_BOINC_DIR into WorkingDirectory= but systemd doesn't
> seem to support this.
> 
> Another quirk uncovered looking at the logs is that systemd apparently
> interprets /lockfile as part of the variable name, sample log message as
> follows:
> 
> (rm): boinc-client.service: Invalid environment variable name evaluates to
> an empty string: BOINC_BOINC_DIR/lockfile
> 
> This can be avoided by wrapping the variable name in braces,
> ExecStopPost=/bin/rm -f ${BOINC_BOINC_DIR}/lockfile though I'm not sure if
> this is actually a systemd issue.
> 
> Finally, the upstream unit file at
> https://github.com/BOINC/boinc/blob/master/client/scripts/boinc-client.service.in
> includes a couple of systemd hardening options. Some of these are
> off by default because Atlas requires setuid root, but the three options
> limiting the read/write access of the unit to the boinc directory only might
> be worthwhile.
> 
> ProtectSystem=full
> ProtectControlGroups=true
> ReadWritePaths=-/var/lib/boinc -/etc/boinc-client

Hi,

you have a project in OBS here:
https://build.opensuse.org/package/show/home:timuzhti/boinc-client

Why didn't you just fix it and create a submit request?
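
The three changes proposed in the quoted report (WorkingDirectory= for the boinccmd ExecStop=, braces around the variable, and the upstream hardening options), expressed as a small unit-file lint. This is an added example, not code from the bug thread or the BOINC package; the two sample units, the finding codes and the lint_unit helper are constructed for illustration, and the word splitting ignores systemd quoting rules.

```python
import re

VALID_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
HARDENING = ("ProtectSystem", "ProtectControlGroups", "ReadWritePaths")

# Constructed sample units (not the packaged file); only the ExecStop=,
# ExecStopPost= and hardening lines are taken from the report.
REPORTED = """\
[Service]
User=boinc
ExecStop=/usr/bin/boinccmd --quit
ExecStopPost=/bin/rm -f $BOINC_BOINC_DIR/lockfile
"""
PROPOSED = """\
[Service]
User=boinc
WorkingDirectory=/var/lib/boinc
ExecStop=/usr/bin/boinccmd --quit
ExecStopPost=/bin/rm -f ${BOINC_BOINC_DIR}/lockfile
ProtectSystem=full
ProtectControlGroups=true
ReadWritePaths=-/var/lib/boinc -/etc/boinc-client
"""

def lint_unit(text):
    """Return (line, code, detail) findings; line 0 means unit-wide."""
    findings, keys, stops_via_boinccmd = [], set(), False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        keys.add(key)
        if not key.startswith("Exec"):
            continue
        stops_via_boinccmd |= key == "ExecStop" and "boinccmd" in value
        for word in value.split():
            # $NAME is only expanded as a whole word; a suffix such as
            # /lockfile becomes part of the name unless ${NAME} is used.
            if word.startswith("$") and not word.startswith(("${", "$$")) \
                    and not VALID_NAME.match(word[1:]):
                findings.append((lineno, "unbraced-variable", word))
    if stops_via_boinccmd and "WorkingDirectory" not in keys:
        findings.append((0, "missing-working-directory", "ExecStop"))
    findings += [(0, "missing-hardening", k) for k in HARDENING if k not in keys]
    return findings

if __name__ == "__main__":
    for unit in (REPORTED, PROPOSED):
        print(lint_unit(unit))
```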

