What | Removed | Added |
---|---|---|
Flags | needinfo?(timuzhti@gmail.com) | |
CC | timuzhti@gmail.com |
(In reply to Muzhi Tian from comment #0) > This is a pretty minor issue but without WorkingDirectory= set, the > ExecStop= command (/usr/bin/boinccmd --quit) does not actually function > because it can't find the gui_rpc_auth.cfg file. This causes the unit to > report failure every time it's stopped. > > According to documentation, boinccmd checks three places for the password > (it doesn't have a --datadir option). Changing the working directory to > either /var/lib/boinc or ~ (which is the same thing by default) seems to be > the easiest way to resolve this, since /etc/boinc-client/ and > /var/lib/boinc-client are not used by default. > > I'm not really sure which of the two options would be better. Using the home > directory of the boinc user would probably make it easier to reconfigure to > another directory, but I'm not sure that's worth it. It might be even better > to somehow pull $BOINC_BOINC_DIR into WorkingDirectory= but systemd doesn't > seem to support this. > > Another quirk uncovered looking at the logs is that systemd apparently > interprets /lockfile as part of the variable name, sample log message as > follows: > > (rm): boinc-client.service: Invalid environment variable name evaluates to > an empty string: BOINC_BOINC_DIR/lockfile > > This can be avoided by wrapping the variable name in braces, > ExecStopPost=/bin/rm -f ${BOINC_BOINC_DIR}/lockfile though I'm not sure if > this is actually a systemd issue. > > Finally, the upstream unit file at > https://github.com/BOINC/boinc/blob/master/client/scripts/boinc-client. > service.in includes a couple of systemd hardening options. Some of these are > off by default because Atlas requires setuid root, but the three options > limiting the read/write access of the unit to the boinc directory only might > be worthwhile. > > ProtectSystem=full > ProtectControlGroups=true > ReadWritePaths=-/var/lib/boinc -/etc/boinc-client Hi, you have a project in OBS here: https://build.opensuse.org/package/show/home:timuzhti/boinc-client Why didn't you just fix it and created a submit request ?