Running Debian 9 with systemd 241-3~bpo9+1 from backports. Having trouble starting the rsyslog service in a chroot jail using a systemd service file with the RootDirectory and User settings. Setting AmbientCapabilities=CAP_SYS_CHROOT does not help and I am still getting the following errors:

rsyslog-chroot@inst.service: Changing to the requested working directory failed: Operation not permitted
rsyslog-chroot@inst.service: Failed at step CHROOT spawning /usr/sbin/rsyslogd: Operation not permitted
rsyslog-chroot@inst.service: Main process exited, code=exited, status=210/CHROOT

Any idea how to get it working properly? Starting without the User setting works just fine. The workaround might be to set the $PrivDropToUser setting in the rsyslog configuration.

Service file:

[Unit]
Description=System Logging Service in chroot /srv/%i
ConditionPathExists=/srv/%i

[Service]
Type=simple
User=eset
Group=eset
PermissionsStartOnly=true
WorkingDirectory=/var/spool/rsyslog
AmbientCapabilities=CAP_SYS_CHROOT
RootDirectory=/srv/%i
RootDirectoryStartOnly=true
ExecStart=/usr/sbin/rsyslogd -n
StandardOutput=journal

[Install]
WantedBy=multi-user.target
Alias=syslog-chroot.service

-- 
Peter
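
The workaround named in the message above, written out as an added example (not part of the original post and not tested on the poster's system): systemd performs the chroot as root, and rsyslogd drops to the unprivileged account itself. The file locations, the `$PrivDropToGroup` line and the presence of `eset` in the chroot's own /etc/passwd are assumptions.

```ini
# --- /etc/systemd/system/rsyslog-chroot@.service (assumed location) ---
# User=, Group= and AmbientCapabilities= are left out on purpose: the unit
# starts as root, which the message reports as working, so the chroot step
# needs no extra capability.
[Unit]
Description=System Logging Service in chroot /srv/%i
ConditionPathExists=/srv/%i

[Service]
Type=simple
# Interpreted relative to RootDirectory=, so /srv/%i/var/spool/rsyslog
# has to exist.
WorkingDirectory=/var/spool/rsyslog
RootDirectory=/srv/%i
RootDirectoryStartOnly=true
ExecStart=/usr/sbin/rsyslogd -n
StandardOutput=journal

[Install]
WantedBy=multi-user.target
Alias=syslog-chroot.service

# --- /srv/<instance>/etc/rsyslog.conf (assumed location, inside the chroot) ---
# rsyslogd reads this file after the chroot and then switches to the
# unprivileged account on its own.
$PrivDropToGroup eset
$PrivDropToUser eset
# The names above are resolved inside the chroot, so /srv/<instance>/etc/passwd
# and /etc/group must contain "eset". The numeric directives avoid the lookup
# (replace the placeholders with the real IDs):
#   $PrivDropToGroupID <gid-of-eset>
#   $PrivDropToUserID <uid-of-eset>
```

After starting the instance, `ps -o user,group,cmd -C rsyslogd` shows whether the process ended up running as `eset`; files it must write, such as the spool directory, need to be owned by that account inside the chroot.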