私はsystemd 253.5を使用していますが、私の目標はDynamicUser=GNU Mailutils 3.15を使用してこのコマンドを介してmail電子メールを送信することです。
[[email protected]:~]# systemctl cat [email protected]
# /etc/systemd/system/[email protected]
[Unit]
After=network.target
Description=Unit Status Mail Notifier
[Service]
Environment="LOCALE_ARCHIVE=/nix/store/5l0qzzkb3r3yxygdq3688fjcc18lwg3j-glibc-locales-2.37-8/lib/locale/locale-archive"
Environment="PATH=/nix/store/n0wyrb99dxinh0y6rjixmqdgvbm57fa6-mailutils-3.15/bin:/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/bin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/bin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/bin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/bin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/bin:/nix/store/n0wyrb99dxinh0y6rjixmqdgvbm57fa6-mailutils-3.15/sbin:/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/sbin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/sbin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/sbin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/sbin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/sbin"
Environment="TZDIR=/nix/store/4faw3w020cjxvd1dnxhg73mi10wcxvpw-tzdata-2023c/share/zoneinfo"
CapabilityBoundingSet=
ExecStart=/nix/store/1asmwq09fdn42k8rw09ps3jwsq6b0pqf-unit-status-mail/bin/unit-status-mail "[email protected]" "[email protected]" %I \
" Pretty hostname: Server 1" \
" Authoritative FQDN: server1.example.com" \
" Machine ID: %m" \
" Boot ID: %b"
IPAddressDeny=any
LockPersonality=true
MemoryDenyWriteExecute=true
PrivateDevices=true
PrivateNetwork=true
PrivateTmp=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RemoveIPC=true
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
SystemCallFilter=~@privileged
SystemCallFilter=~@resources
Type=simple
UMask=0077
[[email protected]:~]# cat /nix/store/1asmwq09fdn42k8rw09ps3jwsq6b0pqf-unit-status-mail/bin/unit-status-mail
#!/nix/store/7q1b1bsmxi91zci6g8714rcljl620y7f-bash-5.2-p15/bin/bash
MAILTO="$1"
MAILFROM="$2"
UNIT="$3"
EXTRA=""
for e in "${@:4}"; do
EXTRA+="$e"$'\n'
done
UNITSTATUS="$(systemctl status $UNIT)"
mail \
--content-type 'text/plain; charset=utf-8' \
--append=From:"$MAILFROM" \
--subject="Status for unit: $UNIT" \
"$MAILTO" <<EOF
Status report for unit: $UNIT
$EXTRA
$UNITSTATUS
EOF
DynamicUser=ProtectSystem=strictこれは、私のデバイスがGNU Mailutils 3.15を使用して電子メールを送信するのを防ぐことを意味しますmail: cannot send message: Process exited with a non-zero status。それはそれでうまくいきますProtectSystem=full。
これを使用して再び機能できると思いますReadWritePaths=が、どのパスが必要かわかりません。
GNU Mailutilsが動作するには、systemdデバイスにどのパスが必要ですか?