시스템 실행(5)표현하다다음은 다음과 같습니다 Environment=.
지정자 확장을 수행합니다. systemd.unit(5)의 "지정자" 섹션을 참조하세요.
시스템 실행(5)표현하다다음은 다음과 같습니다 EnvironmentFile=.
~처럼
Environment=
그렇다면 systemd는 실행 지정자 확장을 사용합니까 EnvironmentFile=?
나는 이것을 예상했지만 systemd 253.5에서 테스트한 결과 이것이 사용되지 않은 것으로 나타났습니다 EnvironmentFile=.
시험 Environment=:
확장하려면:SECRET_FILE=/run/credentials/mycred1.service/mysecret
[root@mymachine:~]# systemctl cat mycred1.service
# /etc/systemd/system/mycred1.service
[Unit]
[Service]
Environment="LOCALE_ARCHIVE=/nix/store/5l0qzzkb3r3yxygdq3688fjcc18lwg3j-glibc-locales-2.37-8/lib/locale/locale-archive"
Environment="PATH=/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/bin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/bin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/bin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/bin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/bin:/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/sbin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/sbin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/sbin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/sbin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/sbin"
Environment="TZDIR=/nix/store/4faw3w020cjxvd1dnxhg73mi10wcxvpw-tzdata-2023c/share/zoneinfo"
DynamicUser=true
Environment=SECRET_FILE=%d/mysecret
ExecStart=/nix/store/wa8vcqsc5la5yxhazrq5rxmzy1y2igaj-unit-script-mycred1-start/bin/mycred1-start
LoadCredential=mysecret:/etc/hosts
[root@mymachine:~]# cat /nix/store/wa8vcqsc5la5yxhazrq5rxmzy1y2igaj-unit-script-mycred1-start/bin/mycred1-start
#!/nix/store/7q1b1bsmxi91zci6g8714rcljl620y7f-bash-5.2-p15/bin/bash
set -e
echo SECRET_FILE=${SECRET_FILE}
[root@mymachine:~]# systemctl start mycred1.service
[root@mymachine:~]# systemctl status mycred1.service
○ mycred1.service
Loaded: loaded (/etc/systemd/system/mycred1.service; linked; preset: enabled)
Active: inactive (dead)
Jul 18 07:24:21 mymachine systemd[1]: Started mycred1.service.
Jul 18 07:24:21 mymachine mycred1-start[4110]: SECRET_FILE=/run/credentials/mycred1.service/mysecret
Jul 18 07:24:21 mymachine systemd[1]: mycred1.service: Deactivated successfully.
테스트 EnvironmentFile=(파일 내용의 지정자):
확장 없음:SECRET_FILE=%d/mysecret
[root@mymachine:~]# systemctl cat mycred2.service
# /etc/systemd/system/mycred2.service
[Unit]
[Service]
Environment="LOCALE_ARCHIVE=/nix/store/5l0qzzkb3r3yxygdq3688fjcc18lwg3j-glibc-locales-2.37-8/lib/locale/locale-archive"
Environment="PATH=/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/bin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/bin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/bin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/bin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/bin:/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/sbin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/sbin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/sbin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/sbin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/sbin"
Environment="TZDIR=/nix/store/4faw3w020cjxvd1dnxhg73mi10wcxvpw-tzdata-2023c/share/zoneinfo"
DynamicUser=true
EnvironmentFile=/nix/store/x2ybfrhf1v3g7saadggkfap1134hnkv2-mysecret
ExecStart=/nix/store/prpm62xlw5q9lnrrxjkn8wqc3l7m9njy-unit-script-mycred2-start/bin/mycred2-start
LoadCredential=mysecret:/etc/hosts
[root@mymachine:~]# cat /nix/store/x2ybfrhf1v3g7saadggkfap1134hnkv2-mysecret
SECRET_FILE=%d/mysecret
[root@mymachine:~]# cat /nix/store/prpm62xlw5q9lnrrxjkn8wqc3l7m9njy-unit-script-mycred2-start/bin/mycred2-start
#!/nix/store/7q1b1bsmxi91zci6g8714rcljl620y7f-bash-5.2-p15/bin/bash
set -e
echo SECRET_FILE=${SECRET_FILE}
[root@mymachine:~]# systemctl start mycred2.service
[root@mymachine:~]# systemctl status mycred2.service
○ mycred2.service
Loaded: loaded (/etc/systemd/system/mycred2.service; linked; preset: enabled)
Active: inactive (dead)
Jul 18 07:25:24 mymachine systemd[1]: Started mycred2.service.
Jul 18 07:25:24 mymachine mycred2-start[4186]: SECRET_FILE=%d/mysecret
Jul 18 07:25:24 mymachine systemd[1]: mycred2.service: Deactivated successfully.
EnvironmentFile=(파일 경로의 지정자)를 사용하여 테스트합니다.
확장 없음:Failed to load environment files: No such file or directory
[root@mymachine:~]# systemctl cat mycred3.service
# /etc/systemd/system/mycred3.service
[Unit]
[Service]
Environment="LOCALE_ARCHIVE=/nix/store/5l0qzzkb3r3yxygdq3688fjcc18lwg3j-glibc-locales-2.37-8/lib/locale/locale-archive"
Environment="PATH=/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/bin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/bin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/bin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/bin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/bin:/nix/store/f11ibsj5vmqcy8ihfa8mzvpfs4af7cw5-coreutils-9.1/sbin:/nix/store/jvh4fbqfxwwn162k5hb8ndc4h5555wfa-findutils-4.9.0/sbin:/nix/store/rn5b13lbsslbvmmbqnqxdcagzqp4435w-gnugrep-3.7/sbin:/nix/store/w64nwxs3r6cyqgy6ssxib5i2r6k8yfc2-gnused-4.9/sbin:/nix/store/8lgs0dqh9ks1164fp4g14gq7w1ihjbf0-systemd-253.5/sbin"
Environment="TZDIR=/nix/store/4faw3w020cjxvd1dnxhg73mi10wcxvpw-tzdata-2023c/share/zoneinfo"
EnvironmentFile=%d/myenv
ExecStart=/nix/store/779g5cfp6yq0lcpd4snmikxk1bkvfh4n-unit-script-mycred3-start/bin/mycred3-start
LoadCredential=myenv:/etc/myenv
[root@mymachine:~]# l /etc/myenv
-rw-r--r-- 1 root root 23 2023-07-18 08:33:21 /etc/myenv
[root@mymachine:~]# cat /etc/myenv
SECRET_FILE=/etc/hosts
[root@mymachine:~]# cat /nix/store/779g5cfp6yq0lcpd4snmikxk1bkvfh4n-unit-script-mycred3-start/bin/mycred3-start
#!/nix/store/7q1b1bsmxi91zci6g8714rcljl620y7f-bash-5.2-p15/bin/bash
set -e
echo SECRET_FILE=${SECRET_FILE}
[root@mymachine:~]# systemctl start mycred3.service
Job for mycred3.service failed because of unavailable resources or another system error.
See "systemctl status mycred3.service" and "journalctl -xeu mycred3.service" for details.
[root@mymachine:~]# systemctl status mycred3.service
× mycred3.service
Loaded: loaded (/etc/systemd/system/mycred3.service; linked; preset: enabled)
Active: failed (Result: resources)
IP: 0B in, 0B out
CPU: 0
Jul 18 08:34:59 mymachine systemd[1]: mycred3.service: Failed to load environment files: No such file or directory
Jul 18 08:34:59 mymachine systemd[1]: mycred3.service: Failed to run 'start' task: No such file or directory
Jul 18 08:34:59 mymachine systemd[1]: mycred3.service: Failed with result 'resources'.
Jul 18 08:34:59 mymachine systemd[1]: Failed to start mycred3.service.
답변1
지정자 확장은 s 에서 수행되지만 EnvironmentFile지정자 확장은 설정에 전달된 값에 대해 수행됩니다. 따라서 의 경우 EnvironmentFile값은 파일 경로이고,아니요문서 내용.
그러나 특히 자격 증명이 로드되기 전에 %ds를 읽을 수 있으므로 유용한 지정자가 아닐 수 있습니다. 다음 위치에 있는 코드를 확인하세요.EnvironmentFile%d포인트 바우처가 로드되었습니다., 파일의 환경 변수는 다음과 같습니다.이미 사용 가능- 인수가 파일의 환경 변수를 포함하는 함수 setup_credentials()에서 호출됩니다 .exec_childfiles_env
가지다환경을 통한 자격 증명 제공에 대한 일부 논의, 그러나 Lennart Poettering은 "권한 변환이 있더라도 환경 변수는 기본적으로 트리를 따라 상속되기 때문에 이것은 안전하지 않은 것이 아닙니다"라고 주장했습니다. 따라서 이는 안전하지 않은 일을 더 어렵게 만들기 위한 의도적인 설계 선택일 수 있습니다.