author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2025-01-14 16:05:33 +0100 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2025-01-14 22:07:06 +0100 |
commit | bbe9e03f8066d1001497494ee862cf45f986b854 | |
tree | 0748b979e4cb35a23ed6a3d4c4deb23304c90ee6 /man/systemd-notify.xml | |
parent | mkosi: Install libxslt on CentOS/Fedora instead of xsltproc | |
man: Clarify systemd-notify and sd_notify() PID documentation
Let's clarify more explicitly that privileged calls to
systemd-notify --pid= and sd_pid_notify() effectively override any
configured NotifyAccess=main|exec for a service.
Diffstat (limited to 'man/systemd-notify.xml')

Mode | File | Lines changed |
---|---|---|
-rw-r--r-- | man/systemd-notify.xml | 15 |

1 files changed, 11 insertions, 4 deletions
diff --git a/man/systemd-notify.xml b/man/systemd-notify.xml index 55bb8c59cf..9a66721a61 100644 --- a/man/systemd-notify.xml +++ b/man/systemd-notify.xml 
@@ -125,12 +125,19 @@ argument is specified as <literal>self</literal>, the PID of the <command>systemd-notify</command> command itself is used, and if <literal>parent</literal> is specified the calling process' PID is used — even if it is the service manager. <option>--pid=auto</option> is equivalent to <command>systemd-notify - MAINPID=$PID</command>. For details about the semantics of this option see + --pid=$PID</command>. For details about the semantics of this option see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para> - <para>If this switch is used in an <command>systemd-notify</command> invocation from a process that - shall become the new main process of a service — and which is not the process forked off by the - service manager (or the current main process) —, then it is essential to set + <para><command>systemd-notify</command> will first attempt to invoke <function>sd_notify()</function> + pretending to have the PID specified with <option>--pid=</option>. This will only succeed when + invoked with sufficient privileges. On failure, it will then fall back to invoking it under its own + PID. Effectively, this means that a privileged invocation of <command>systemd-notify --pid=</command> + may circumvent <varname>NotifyAccess=main</varname> or <varname>NotifyAccess=exec</varname> + restrictions enforced for a service.</para> + + <para>If this switch is used in an unprivileged <command>systemd-notify</command> invocation from a + process that shall become the new main process of a service — and which is not the process forked off + by the service manager (or the current main process) —, then it is essential to set <varname>NotifyAccess=all</varname> in the service unit file, or otherwise the notification will be ignored for security reasons. See <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
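Review bot: "This will only succeed when invoked with sufficient privileges" leaves the key security fact undefined; a reader of the new paragraph cannot tell which invocations can actually override NotifyAccess=main or NotifyAccess=exec, so either name the privilege the service manager requires before it accepts a message on behalf of a foreign --pid=, or say explicitly that the requirement is spelled out in sd_notify(3), which this paragraph already cites for the option's semantics. Two wording points in the same hunk: "pretending to have the PID specified with --pid=" reads informally for a man page, and "on behalf of the PID specified with --pid=" says the same thing more plainly; and the retained sentence "(or the current main process) —, then it is essential" should drop the comma after the dash.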