Package: krb5-kdc Version: 1.12.1+dfsg-18 Severity: grave /lib/systemd/system/krb5-kdc.service contains:
[Service]
InaccessibleDirectories=/etc/ssh /etc/ssl/private /root
so starting the unit will fail if one of the directories is missing:
Mar 20 08:44:09 bokassa systemd[1191]: Failed at step NAMESPACE spawning
/usr/sbin/krb5kdc: Operation not permitted
Since none of these directories are provided by the package or one of
its dependencies they should all be marked as optional.
systemd.exec(5) explains how to solve this:
Paths in ReadOnlyDirectories= and InaccessibleDirectories= may be
prefixed with "-", in which case they will be ignored when they do
not exist.
The same applies to krb5-admin-server.service in the krb5-admin-server
package.
And both packages should really switch from /var/run to /run.
--
ciao,
Marco
pgpx8LCl1ca3c.pgp
Description: PGP signature

