[Bug 1192174] New: Onedrive does not start after hardened systemd settings
http://bugzilla.opensuse.org/show_bug.cgi?id=1192174 Bug ID: 1192174 Summary: Onedrive does not start after hardened systemd settings Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs@suse.de Reporter: toganm@dinamizm.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Since updating onedrive to onedrive-2.4.13-2.1.x86_64, it does not start as a user service [toganm@desktop:~]> systemctl --user status onedrive ��� onedrive.service - OneDrive Free Client Loaded: loaded (/usr/lib/systemd/user/onedrive.service; enabled; vendor preset: disabled) Active: activating (auto-restart) (Result: exit-code) since Fri 2021-10-29 18:45:15 CEST; 1s ago Docs: https://github.com/abraunegg/onedrive Process: 21709 ExecStart=/usr/bin/onedrive --monitor (code=exited, status=218/CAPABILITIES) Main PID: 21709 (code=exited, status=218/CAPABILITIES) CPU: 2ms Before the update it was running fine. My take is something is broken with harden_onedrive patches. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1192174 http://bugzilla.opensuse.org/show_bug.cgi?id=1192174#c2 --- Comment #2 from Togan Muftuoglu <toganm@dinamizm.com> --- (In reply to Marcus Meissner from comment #1)
can you line by line revert the changes done in the harden_onedrive patch to see what caused it?
I have done with the following command systemctl --user edit --full onedrive.service The following seems to be problematic as far as I can tell #PrivateDevices=true #ProtectClock=true #ProtectKernelModules=true #ProtectKernelLogs=true so the ending working onedrive service is as follows # /home/toganm/.config/systemd/user/onedrive.service [Unit] Description=OneDrive Free Client Documentation=https://github.com/abraunegg/onedrive After=network-online.target Wants=network-online.target [Service] # added automatically, for details please see # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full #PrivateDevices=true ProtectHostname=true #ProtectClock=true ProtectKernelTunables=true #ProtectKernelModules=true #ProtectKernelLogs=true ProtectControlGroups=true RestrictRealtime=true # end of automatic additions ExecStart=/usr/bin/onedrive --monitor Restart=on-failure RestartSec=3 RestartPreventExitStatus=3 [Install] WantedBy=default.target Here is the systemctl --user status onedrive.service output [toganm@desktop:~]> systemctl --user status onedrive.service ��� onedrive.service - OneDrive Free Client Loaded: loaded (/home/toganm/.config/systemd/user/onedrive.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-10-30 15:55:30 CEST; 3min 54s ago Docs: https://github.com/abraunegg/onedrive Main PID: 11122 (onedrive) Tasks: 8 (limit: 4915) Memory: 19.3M CPU: 2.933s CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/onedrive.service ������11122 /usr/bin/onedrive --monitor Oct 30 15:55:30 desktop systemd[1524]: Started OneDrive Free Client. Oct 30 15:55:30 desktop onedrive[11122]: onedrive.service: ProtectHostname=yes is configured, but UTS namespace setup is prohibited (container manager?), ignoring namespace setup. Oct 30 15:55:30 desktop onedrive[11122]: Configuration file successfully loaded Oct 30 15:55:30 desktop onedrive[11122]: Configuring Global Azure AD Endpoints Oct 30 15:55:31 desktop onedrive[11122]: Initializing the Synchronization Engine ... Oct 30 15:55:31 desktop onedrive[11122]: Initializing monitor ... Oct 30 15:55:31 desktop onedrive[11122]: OneDrive monitor interval (seconds): 45 Oct 30 15:58:50 desktop onedrive[11122]: Starting a sync with OneDrive Oct 30 15:58:50 desktop onedrive[11122]: Syncing changes from OneDrive ... Oct 30 15:58:51 desktop onedrive[11122]: Sync with OneDrive is complete Hope this helps -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1192174 http://bugzilla.opensuse.org/show_bug.cgi?id=1192174#c4 --- Comment #4 from Togan Muftuoglu <toganm@dinamizm.com> --- (In reply to Johannes Segitz from comment #3)
Thanks for checking this. I can't really see why this should cause issues with onedrive. I tried to test it myself but I currently can't get this working even without any hardening options in the service. I'll work with the maintainer to figure this out
Thanks for looking into it. With my previously mentioned modifications it has been running just fine (touch wood) ��� onedrive.service - OneDrive Free Client Loaded: loaded (/home/toganm/.config/systemd/user/onedrive.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2021-11-02 10:20:08 CET; 1 week 2 days ago Docs: https://github.com/abraunegg/onedrive Main PID: 1533 (onedrive) Tasks: 8 (limit: 4915) Memory: 35.5M CPU: 1h 45min 4.700s CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/onedrive.service ������1533 /usr/bin/onedrive --monitor Nov 11 16:11:20 desktop onedrive[1533]: Sync with OneDrive is complete Nov 11 16:15:15 desktop onedrive[1533]: Starting a sync with OneDrive Nov 11 16:15:15 desktop onedrive[1533]: Syncing changes from OneDrive ... Nov 11 16:15:18 desktop onedrive[1533]: Sync with OneDrive is complete Nov 11 16:19:08 desktop onedrive[1533]: Starting a sync with OneDrive Nov 11 16:19:08 desktop onedrive[1533]: Syncing changes from OneDrive ... Nov 11 16:19:10 desktop onedrive[1533]: Sync with OneDrive is complete Nov 11 16:23:02 desktop onedrive[1533]: Starting a sync with OneDrive Nov 11 16:23:02 desktop onedrive[1533]: Syncing changes from OneDrive ... Nov 11 16:23:04 desktop onedrive[1533]: Sync with OneDrive is complete -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1192174 http://bugzilla.opensuse.org/show_bug.cgi?id=1192174#c6 --- Comment #6 from Togan Muftuoglu <toganm@dinamizm.com> --- (In reply to Johannes Segitz from comment #5)
I still can't get this to work so I'll rely on you testing and sent https://build.opensuse.org/request/show/931743
here is my onedrive config sync_dir = "~/OneDrive" skip_file = "~*" monitor_interval = "45" skip_file = "~*|.~*|*.tmp|Documents/*.*|" log_dir = "/var/log/onedrive/" and it is still working systemctl --user status onedrive.service ��� onedrive.service - OneDrive Free Client Loaded: loaded (/home/toganm/.config/systemd/user/onedrive.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2021-11-02 10:20:08 CET; 2 weeks 0 days ago Docs: https://github.com/abraunegg/onedrive Main PID: 1533 (onedrive) Tasks: 8 (limit: 4915) Memory: 29.4M CPU: 2h 40min 20.168s CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/onedrive.service ������1533 /usr/bin/onedrive --monitor Nov 16 12:05:53 desktop onedrive[1533]: Sync with OneDrive is complete Nov 16 12:09:45 desktop onedrive[1533]: Starting a sync with OneDrive Nov 16 12:09:45 desktop onedrive[1533]: Syncing changes from OneDrive ... Nov 16 12:09:47 desktop onedrive[1533]: Sync with OneDrive is complete Nov 16 12:13:43 desktop onedrive[1533]: Starting a sync with OneDrive Nov 16 12:13:43 desktop onedrive[1533]: Syncing changes from OneDrive ... Nov 16 12:13:45 desktop onedrive[1533]: Sync with OneDrive is complete Nov 16 12:17:37 desktop onedrive[1533]: Starting a sync with OneDrive Nov 16 12:17:37 desktop onedrive[1533]: Syncing changes from OneDrive ... Nov 16 12:17:39 desktop onedrive[1533]: Sync with OneDrive is complete -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com