http://bugzilla.opensuse.org/show_bug.cgi?id=966223 Bug ID: 966223 Summary: Permission denied if run as systemd service Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: fvogt@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Running openQA on Leap 42.1. openqa workers are started with the following service file:
[Unit] Description=openQA Worker #%i Wants=apache2.service openqa-webui.service network.target After=apache2.service openqa-webui.service network.target openqa-slirpvde.service PartOf=openqa-worker.target
[Service] Type=simple PermissionsStartOnly=True ExecStartPre=/usr/bin/install -d -m 0755 -o %u /var/lib/openqa/pool/%i ExecStart=/usr/share/openqa/script/worker --instance %i User=_openqa-worker KillMode=mixed
[Install] WantedBy=multi-user.target
So the perl script is started as _openqa-worker user. This works fine for normal use, but if networking (VDE or OVS) is enabled, it causes various permission denied errors. Currently it's failing when trying to execute a binary (vdecmd/unixcmd), for no apparent reason. Before that it failed when accessing tapX IFs. As those didn't make any sense (Owner of the files/taps was _openqa-worker) I tried starting the workers manually with "sudo -u _openqa-worker", which works just fine. Is this a configuration issue (what's the difference between "User=_openqa-worker" and "sudo -u _openqa-worker"?) or a genuine bug? -- You are receiving this mail because: You are on the CC list for the bug.