My host is on a dynamic IP address (IPv4 only), which it receives via
DHCP from my provider. So far, I have been using ISC dhclient for this,
the network interface being marked as unmanaged in its .network file.
But since dhclient isn't maintained any more, I am exploring ways to
replace it wit
I am creating a systemd service that contains the three lines below:
TemporaryFileSystem = %E
BindReadOnlyPaths = %E/hosts
NetworkNamespacePath = /var/run/netns/vpnlink
So the service runs in a network namespace of its own. The problem is
that I cannot mount '/etc/hosts' into the tmpfs:
root@
es PrivateMounts ofc.
On 9/14/24 17:06, Thomas Köller wrote:
I am writing a service that does the following:
1. Uses 'NetworkNamespacePath = /var/run/netns/vpnlink'
2. Uses 'TemporaryFileSystem = %E' to create its own /etc
3. Runs the 'dhclient' command to
I am writing a service that does the following:
1. Uses 'NetworkNamespacePath = /var/run/netns/vpnlink'
2. Uses 'TemporaryFileSystem = %E' to create its own /etc
3. Runs the 'dhclient' command to configure a network interface
The dhclient command is supposed to create (or modify)
/etc/resol
In 'man systemd.service', the description of ExecCondition= states:
when an ExecCondition= command exits with exit code 1 through 254
(inclusive), the remaining commands are skipped and the unit is not
marked as failed
What exactly does 'the remaining commands' mean? Other commands from
sub
On 06.09.24 11:04, Andrei Borzenkov wrote:
You need to quote $ to pass it to the shell.
ExecStart = sh -c 'echo Res: $${VAR#abc-}'
Yes, this works. However, I didn't find this anywhere in the systemd man
pages. What I found was escaping using a backslash, but that didn't work.
I am having problems expanding environment variables in a service file.
This test service illustrates the problem:
root@yoga:/etc/systemd/system# cat varexp.service
[Unit]
Description = Test environment variable expansion
[Service]
Type = oneshot
Environment = "VAR=abc-xyz"
ExecStart = sh -c '
On 18.07.24 16:37, Thomas Köller wrote:
In a service file I am creating I use the BindReadOnlyPaths statement
like this:
root@htpc:~# cat /etc/systemd/system/vpn.service
[Unit]
Before = systemd-networkd.service
After = network-setup.service
Requisite = network-setup.service
In a service file I am creating I use the BindReadOnlyPaths statement
like this:
root@htpc:~# cat /etc/systemd/system/vpn.service
[Unit]
Before = systemd-networkd.service
After = network-setup.service
Requisite = network-setup.service
ConditionPathExists = /run/systemd/network/50-tap_vpn.networ
On 18.07.24 14:04, Mantas Mikulėnas wrote:
Yes, but namespace persistence actually relies on filesystem access –
it's implemented as a bind-mount of the namespace file descriptor (onto
/run/netns for the 'ip netns' tool), as otherwise namespaces only exist
as long as processes that hold the
Does it use any hardening options at all?
Thanks for the hint. As it seems this is an undocumented side effect of
'ProtectSystem = full'. From reading the docs I got the impression that
only file system access is affected by this parameter.
On 18.07.24 12:18, Mantas Mikulėnas wrote:
Would really like to see the contents of the .service file. Does it use
any hardening options at all?
root@htpc:~/netsu# cat /etc/systemd/system/network-setup.service
[Unit]
Before = systemd-networkd.service
Before = network-setup.service
[Service]
Hi,
I have a problem creating a namespace from a systemd service. The
service (type oneshot) invokes a shell script containing these two lines:
ip netns add vpnlink
iw phy phy0 set netns name vpnlink
Both commands succeed, meaning they do not return an error, and so the
service start
I cannot start the 'ssh' command from a systemd service. A very simple
service file demonstrates the problem:
# /run/systemd/system/ssh-test.service
[Unit]
[Service]
Type = oneshot
ExecStart = /usr/bin/ssh -V
[root@raspi-400 ~]# systemctl start ssh-test.service
Job for ssh-test.service fail
O.k., I found the problem. The router advertisement is sent from the
router's link-local address, and therefore the RouterAllowList entry in
the [IPv6AcceptRA] section was blocking it.
On 10.02.23 13:15, Thomas Köller wrote:
Hi,
I encountered a problem configuring a network inte
Hi,
I encountered a problem configuring a network interface via DHCPv6,
using the attached .network file. The interface does receive router
announcements with the 'managed' flag set, as indicated by the following
tcpdump output:
[root@raspi-400 ~]# tcpdump -i vpn_sarkovy -v '(icmp6 and (ip6
I have the following lines in a .network file:
[RoutingPolicyRule]
Priority = 10
IncomingInterface = lo
OutgoingInterface = bo_lan
DestinationPort = 22
IPProtocol = tcp
Family = both
InvertRule = yes
Table = 100
[Route]
Gateway = 192.168.0.1
GatewayOnLink = yes
Destination = 0.0.0.0/0
Scope = li
I am trying to build a VPN tunnel through a tun interface created by
sshd. The tun interface is to be added to an existing bridge interface.
For this purpose I created a .network file (see below). However, the
operation fails, without systemd-networkd giving a useful error message
beyond 'Inval