On Thu, Mar 13, 2025 at 4:54 PM Daniel Hast <hast.dan...@protonmail.com> wrote: > > Hello, > > I'm working on a shell script that makes use of run0, and I'm having trouble > figuring out how to escape a file path in the --property option. I want to > use --property="ProtectSystem=strict" and --property="ReadWritePaths=[...]" > to limit the transient service unit's write access to only the files it needs > access to (as a sandboxing measure), but one of the paths comes from user > input and could have any characters that are valid in a file path (including > spaces and, in principle, any Unicode characters except NUL), so it needs to > be escaped. > > I'm aware of systemd-escape but I'm unsure of how to use it with arguments to > run0; if I simply do something like > --property="ReadWritePaths=$(systemd-escape --path "$filename")", I get an > error: "Failed to start transient service unit: Invalid ReadWritePaths". But > if I pass in an unescaped filename with spaces, I also get this error. What's > the right way to do this?
Yes, the rules are not apparently documented. Looking in sources, the values are quoted using '...' or "...". My understanding is that '\' can be used to escape quote character itself.
