Does systemd use specifier expansion in `EnvironmentFile=`?


systemd.exec(5) says the following for `Environment=`:

Specifier expansion is performed. See the "Specifiers" section in systemd.unit(5).

systemd.exec(5) says the following for `EnvironmentFile=`:

Similar to `Environment=`

If so, does systemd use specifier expansion in `EnvironmentFile=`?

I expected it would, but when I tested on systemd 253.5 it does not appear to be used in `EnvironmentFile=`.

Testing `Environment=`:

Expands to: SECRET_FILE=/run/credentials/mycred1.service/mysecret

[root@mymachine:~]# systemctl cat mycred1.service 
# /etc/systemd/system/mycred1.service
[Unit]

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/5l0qzzkb3r3yxygdq3688fjcc18lwg3j-glibc-locales-2.37-8/lib/locale/locale-archive"
Environment="PATH=/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/bin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/bin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/bin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/bin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/bin:/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/sbin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/sbin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/sbin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/sbin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/sbin"
Environment="TZDIR=/nix/store/4faw3w020cjxvd1dnxhg73mi10wcxvpw-tzdata-2023c/share/zoneinfo"



DynamicUser=true
Environment=SECRET_FILE=%d/mysecret
ExecStart=/nix/store/wa8vcqsc5la5yxhazrq5rxmzy1y2igaj-unit-script-mycred1-start/bin/mycred1-start 
LoadCredential=mysecret:/etc/hosts


[root@mymachine:~]# cat /nix/store/wa8vcqsc5la5yxhazrq5rxmzy1y2igaj-unit-script-mycred1-start/bin/mycred1-start
#!/nix/store/7q1b1bsmxi91zci6g8714rcljl620y7f-bash-5.2-p15/bin/bash
set -e
echo SECRET_FILE=${SECRET_FILE}



[root@mymachine:~]# systemctl start mycred1.service 

[root@mymachine:~]# systemctl status mycred1.service 
○ mycred1.service
     Loaded: loaded (/etc/systemd/system/mycred1.service; linked; preset: enabled)
     Active: inactive (dead)

Jul 18 07:24:21 mymachine systemd[1]: Started mycred1.service.
Jul 18 07:24:21 mymachine mycred1-start[4110]: SECRET_FILE=/run/credentials/mycred1.service/mysecret
Jul 18 07:24:21 mymachine systemd[1]: mycred1.service: Deactivated successfully.

Testing `EnvironmentFile=` (specifier in the file contents):

No expansion: SECRET_FILE=%d/mysecret

[root@mymachine:~]# systemctl cat mycred2.service 
# /etc/systemd/system/mycred2.service
[Unit]

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/5l0qzzkb3r3yxygdq3688fjcc18lwg3j-glibc-locales-2.37-8/lib/locale/locale-archive"
Environment="PATH=/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/bin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/bin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/bin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/bin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/bin:/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/sbin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/sbin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/sbin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/sbin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/sbin"
Environment="TZDIR=/nix/store/4faw3w020cjxvd1dnxhg73mi10wcxvpw-tzdata-2023c/share/zoneinfo"



DynamicUser=true
EnvironmentFile=/nix/store/x2ybfrhf1v3g7saadggkfap1134hnkv2-mysecret
ExecStart=/nix/store/prpm62xlw5q9lnrrxjkn8wqc3l7m9njy-unit-script-mycred2-start/bin/mycred2-start 
LoadCredential=mysecret:/etc/hosts


[root@mymachine:~]# cat /nix/store/x2ybfrhf1v3g7saadggkfap1134hnkv2-mysecret
SECRET_FILE=%d/mysecret

[root@mymachine:~]# cat /nix/store/prpm62xlw5q9lnrrxjkn8wqc3l7m9njy-unit-script-mycred2-start/bin/mycred2-start
#!/nix/store/7q1b1bsmxi91zci6g8714rcljl620y7f-bash-5.2-p15/bin/bash
set -e
echo SECRET_FILE=${SECRET_FILE}



[root@mymachine:~]# systemctl start mycred2.service 

[root@mymachine:~]# systemctl status mycred2.service 
○ mycred2.service
     Loaded: loaded (/etc/systemd/system/mycred2.service; linked; preset: enabled)
     Active: inactive (dead)

Jul 18 07:25:24 mymachine systemd[1]: Started mycred2.service.
Jul 18 07:25:24 mymachine mycred2-start[4186]: SECRET_FILE=%d/mysecret
Jul 18 07:25:24 mymachine systemd[1]: mycred2.service: Deactivated successfully.

Testing `EnvironmentFile=` (specifier in the file path):

No expansion: Failed to load environment files: No such file or directory

[root@mymachine:~]# systemctl cat mycred3.service 
# /etc/systemd/system/mycred3.service
[Unit]

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/5l0qzzkb3r3yxygdq3688fjcc18lwg3j-glibc-locales-2.37-8/lib/locale/locale-archive"
Environment="PATH=/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/bin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/bin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/bin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/bin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/bin:/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/sbin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/sbin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/sbin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/sbin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/sbin"
Environment="TZDIR=/nix/store/4faw3w020cjxvd1dnxhg73mi10wcxvpw-tzdata-2023c/share/zoneinfo"



EnvironmentFile=%d/myenv
ExecStart=/nix/store/779g5cfp6yq0lcpd4snmikxk1bkvfh4n-unit-script-mycred3-start/bin/mycred3-start 
LoadCredential=myenv:/etc/myenv


[root@mymachine:~]# l /etc/myenv
-rw-r--r-- 1 root root 23 2023-07-18 08:33:21 /etc/myenv

[root@mymachine:~]# cat /etc/myenv
SECRET_FILE=/etc/hosts

[root@mymachine:~]# cat /nix/store/779g5cfp6yq0lcpd4snmikxk1bkvfh4n-unit-script-mycred3-start/bin/mycred3-start
#!/nix/store/7q1b1bsmxi91zci6g8714rcljl620y7f-bash-5.2-p15/bin/bash
set -e
echo SECRET_FILE=${SECRET_FILE}



[root@mymachine:~]# systemctl start mycred3.service 
Job for mycred3.service failed because of unavailable resources or another system error.
See "systemctl status mycred3.service" and "journalctl -xeu mycred3.service" for details.

[root@mymachine:~]# systemctl status mycred3.service 
× mycred3.service
     Loaded: loaded (/etc/systemd/system/mycred3.service; linked; preset: enabled)
     Active: failed (Result: resources)
         IP: 0B in, 0B out
        CPU: 0

Jul 18 08:34:59 mymachine systemd[1]: mycred3.service: Failed to load environment files: No such file or directory
Jul 18 08:34:59 mymachine systemd[1]: mycred3.service: Failed to run 'start' task: No such file or directory
Jul 18 08:34:59 mymachine systemd[1]: mycred3.service: Failed with result 'resources'.
Jul 18 08:34:59 mymachine systemd[1]: Failed to start mycred3.service.

Best answer (1)

Specifier expansion is performed for `EnvironmentFile=`, but the expansion is applied to the value passed to the setting. In the case of `EnvironmentFile=`, that value is the file path, not the contents of the file.

However, `%d` in particular may not be a useful specifier there, because `EnvironmentFile`s are read before credentials are loaded. Look at the code in `exec_child()`: by the time `%d` points at loaded credentials, the environment variables from the file are already available - `setup_credentials()` is called from `exec_child()` with the `files_env` argument that holds the environment variables from the file.

There has been some discussion about providing credentials through the environment, but Lennart Poettering argued that "this is not secure, since environment variables are basically inherited down the process tree, even across privilege transitions". So this is a deliberate design choice to make it harder to do something insecure.
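As an added illustration (not code from the question, the answer, or systemd itself), the following Python model reproduces the three observations in the question and the answer's point about where expansion is applied: specifiers are expanded in a setting's value, so for `Environment=` the `KEY=VALUE` pair is expanded, while for `EnvironmentFile=` only the path is expanded and the file contents are taken literally; and because the environment file is read before credentials are set up, a `%d`-based path is not there yet. It also shows the service-side alternative of reading a `LoadCredential=` secret through `$CREDENTIALS_DIRECTORY`, which systemd exports to the service. Assumptions: only `%d`, `%n` and `%%` are modelled, and an in-memory dict stands in for the filesystem; the unit names and Nix-store path are the page's own sample values, the secret value is constructed.

```python
"""Model of where systemd applies specifier expansion (added example, not systemd code)."""
import re


def expand_specifiers(value: str, unit: str, cred_dir: str) -> str:
    """Expand %d (credentials directory), %n (unit name) and %% in a setting value.
    Only these three are modelled (assumption); any other %x raises, which is
    stricter than the real specifier table in systemd.unit(5)."""
    table = {"d": cred_dir, "n": unit, "%": "%"}

    def repl(m: re.Match) -> str:
        key = m.group(1)
        if key not in table:
            raise ValueError(f"specifier %{key} is not modelled here")
        return table[key]

    return re.sub(r"%(.)", repl, value)


def parse_environment_file(text: str) -> dict:
    """Parse EnvironmentFile= style KEY=VALUE lines.
    Blank lines and lines starting with # or ; are skipped, surrounding quotes are
    stripped. Values are taken literally: no specifier expansion happens here."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def build_environment(service: dict, fs: dict, unit: str, cred_dir: str) -> dict:
    """Build a service's environment from its Environment= and EnvironmentFile= lists.
    Expansion is applied to each setting's value: the KEY=VALUE pair for Environment=,
    the path for EnvironmentFile=. `fs` holds what exists when the file is read, i.e.
    before credentials are set up, so nothing under cred_dir is present yet."""
    env = {}
    for item in service.get("Environment", []):
        key, _, value = expand_specifiers(item, unit, cred_dir).partition("=")
        env[key] = value
    for path_setting in service.get("EnvironmentFile", []):
        path = expand_specifiers(path_setting, unit, cred_dir)
        if path not in fs:
            # systemd logs this as "Failed to load environment files"
            raise FileNotFoundError(path)
        env.update(parse_environment_file(fs[path]))
    return env


def read_credential(name: str, environ: dict, fs: dict) -> str:
    """Service-side way to read a LoadCredential= secret: via $CREDENTIALS_DIRECTORY,
    which systemd exports once credentials are set up, so no path has to be baked
    into an environment file. Names that could escape the directory are rejected."""
    if not name or "/" in name or name.startswith("."):
        raise ValueError(f"invalid credential name {name!r}")
    return fs[f"{environ['CREDENTIALS_DIRECTORY']}/{name}"]


# Constructed stand-in for the filesystem at environment-file load time: the
# Nix-store env file from the question exists, /run/credentials/... does not.
FS = {"/nix/store/x2ybfrhf1v3g7saadggkfap1134hnkv2-mysecret": "SECRET_FILE=%d/mysecret\n"}


def environment_test() -> str:
    """Question's test 1: Environment=SECRET_FILE=%d/mysecret is expanded."""
    cred_dir = "/run/credentials/mycred1.service"
    env = build_environment({"Environment": ["SECRET_FILE=%d/mysecret"]}, FS, "mycred1.service", cred_dir)
    return env["SECRET_FILE"]


def environment_file_contents_test() -> str:
    """Question's test 2: %d inside the file contents stays literal."""
    cred_dir = "/run/credentials/mycred2.service"
    path = "/nix/store/x2ybfrhf1v3g7saadggkfap1134hnkv2-mysecret"
    env = build_environment({"EnvironmentFile": [path]}, FS, "mycred2.service", cred_dir)
    return env["SECRET_FILE"]


def environment_file_path_test() -> str:
    """Question's test 3: %d in the path is expanded, but the directory is not there yet."""
    cred_dir = "/run/credentials/mycred3.service"
    try:
        build_environment({"EnvironmentFile": ["%d/myenv"]}, FS, "mycred3.service", cred_dir)
    except FileNotFoundError as e:
        return f"Failed to load environment files: {e}"
    return "unexpectedly loaded"


if __name__ == "__main__":
    print(environment_test())
    print(environment_file_contents_test())
    print(environment_file_path_test())
    # After setup_credentials() the service can read the secret directly; value is constructed.
    creds = {"/run/credentials/mycred1.service/mysecret": "constructed-secret"}
    print(read_credential("mysecret", {"CREDENTIALS_DIRECTORY": "/run/credentials/mycred1.service"}, creds))
```

The model is deliberately narrower than systemd (three specifiers, no `-` prefix for optional files, no multi-line values); the point it preserves is the ordering: the path is expanded and the file read first, credentials are set up afterwards, and the service reaches them through `$CREDENTIALS_DIRECTORY` rather than through a value stored in the environment file.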
