author | Steve8291 <hambling8@gmail.com> | 2020-08-25 07:08:34 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-25 07:08:34 -0400 |
commit | 293351b4618bdb943b63238c16ced94a9242bdec (patch) | |
tree | 155a9cecefe23a10079fef867b6e279c1027b4d6 | |
parent | 11c610af7417ffa8903b40f940a94b4099b4eab7 (diff) |
Remove PrivateMounts (#9619)
Since commit #9234 the following has been showing up in my journal logs:
> /lib/systemd/system/netdata.service:63: Unknown lvalue 'PrivateMounts' in section 'Service'
Running `systemd-analyze verify netdata.service`:
> /lib/systemd/system/netdata.service:63: Unknown lvalue 'PrivateMounts' in section 'Service'
> Attempted to remove disk file system, and we can't allow that.
It would appear that the `Attempted to remove disk file system, and we can't allow that.` message is due to a [bug](https://github.com/systemd/systemd/issues/8592) in version 237 of systemd, which is what my Ubuntu 18.04 is currently running. But that doesn't explain the "PrivateMounts" issue.
Looking at the [systemd man page](https://www.freedesktop.org/software/systemd/man/systemd.exec.html) for PrivateMounts it would seem that we do not need the `PrivateMounts=true` setting because the service file has `ProtectSystem=full` set:
> Other file system namespace unit settings — PrivateMounts=, PrivateTmp=, PrivateDevices=, ProtectSystem=, ProtectHome=, ReadOnlyPaths=, InaccessiblePaths=, ReadWritePaths=, … — also enable file system namespacing in a fashion equivalent to this option. Hence it is primarily useful to explicitly request this behaviour if none of the other settings are used.
I have tested this on Ubuntu 18.04 and everything seems to be working fine.
-rw-r--r-- | system/netdata.service.in | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/system/netdata.service.in b/system/netdata.service.in index 978998bac1..8c7c7f3d12 100644 --- a/system/netdata.service.in +++ b/system/netdata.service.in @@ -61,7 +61,6 @@ ProtectHome=read-only # PrivateTmp break netdatacli functionality. See - https://github.com/netdata/netdata/issues/7587 #PrivateTmp=true ProtectControlGroups=true -PrivateMounts=true # We whitelist this because it's the standard location to listen on a UNIX socket. ReadWriteDirectories=/run/netdata |
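Review bot: The deleted `PrivateMounts=true` line, between `ProtectControlGroups=true` and the comment above `ReadWriteDirectories=/run/netdata`, disappears without leaving a reason in the file, whereas the neighbouring `#PrivateTmp=true` is kept commented out with its explanation and issue link. Consider leaving a one-line comment in the same style stating that PrivateMounts= is omitted because systemd 237 logs it as an unknown lvalue and because `ProtectHome=read-only` and the other file system namespace settings in this unit already place the service in a private mount namespace, so that nobody re-adds it later as a hardening step. The commit message rests the equivalence on `ProtectSystem=full`, which is outside this hunk; it is worth confirming that line is still set in the template, since the argument only holds while at least one of those settings stays enabled.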