author | Lennart Poettering <lennart@poettering.net> | 2017-11-14 10:51:09 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-11-14 10:51:09 +0100 |
commit | b0e8cec2dd9fdd1bded53837f3d68cd4093ac572 (patch) | |
tree | 380a0d113a1f3fe881a4c77f9daa1c99f6132ee4 /man | |
parent | 99c1401807abd432a526c2a75dd02d723f9630a0 (diff) | |
download | systemd-b0e8cec2dd9fdd1bded53837f3d68cd4093ac572.tar.gz |
man: document > /dev/stderr pitfalls (#7317)
Fixes: #7254
See: #2473
Diffstat (limited to 'man')
-rw-r--r-- | man/systemd-run.xml | 10 | ||||
-rw-r--r-- | man/systemd.exec.xml | 9 |
2 files changed, 16 insertions, 3 deletions
diff --git a/man/systemd-run.xml b/man/systemd-run.xml index 7477195dab..2c74c1f39c 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -244,7 +244,15 @@ <para>When both <option>--pipe</option> and <option>--pty</option> are used in combination the more appropriate option is automatically determined and used. Specifically, when invoked with standard input, output and error - connected to a TTY <option>--pty</option> is used, and otherwise <option>--pipe</option>.</para></listitem> + connected to a TTY <option>--pty</option> is used, and otherwise <option>--pipe</option>.</para> + + <para>When this option is used the original file descriptors <command>systemd-run</command> receives are passed + to the service processes as-is. If the service runs with different privileges than + <command>systemd-run</command>, this means the service might not be able to re-open the passed file + descriptors, due to normal file descriptor access restrictions. If the invoked process is a shell script that + uses the <command>echo "hello" > /dev/stderr</command> construct for writing messages to stderr, this might + cause problems, as this only works if stderr can be re-opened. To mitigate this use the construct <command>echo + "hello" >&2</command> instead, which is mostly equivalent and avoids this pitfall.</para></listitem> </varlistentry> <varlistentry> diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 18cfe6b90a..fb5c080616 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml 
@@ -624,14 +624,19 @@ <para>If the standard output (or error output, see below) of a unit is connected to the journal, syslog or the kernel log buffer, the unit will implicitly gain a dependency of type <varname>After=</varname> on - <filename>systemd-journald.socket</filename> (also see the "Implicit Dependencies" section above).</para> + <filename>systemd-journald.socket</filename> (also see the "Implicit Dependencies" section above). Also note + that in this case stdout (or stderr, see below) will be an <constant>AF_UNIX</constant> stream socket, and not + a pipe or FIFO that can be re-opened. This means when executing shell scripts the construct <command>echo + "hello" > /dev/stderr</command> for writing text to stderr will not work. To mitigate this use the construct + <command>echo "hello" >&2</command> instead, which is mostly equivalent and avoids this pitfall.</para> <para>This setting defaults to the value set with <option>DefaultStandardOutput=</option> in <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, which defaults to <option>journal</option>. Note that setting this parameter might result in additional dependencies to be - added to the unit (see above).</para></listitem> + added to the unit (see above).</para> + </listitem> </varlistentry> <varlistentry> |
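Review bot: in the man/systemd-run.xml hunk, the added paragraph opens with "When this option is used", but it directly follows a paragraph that talks about both --pipe and --pty, so the referent is ambiguous. Name the option explicitly at the start of the new paragraph. The phrase "mostly equivalent" also leaves the reader guessing how `>&2` differs from `> /dev/stderr`; since the paragraph already explains that the latter only works if stderr can be re-opened, a short clause saying that `>&2` writes to the already-open descriptor without re-opening it would make the advice self-explanatory.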
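Review bot: in the man/systemd.exec.xml hunk, the new text says the `> /dev/stderr` construct "will not work", while the paragraph added to systemd-run.xml in the same commit says it "might cause problems"; the two pages should use consistent wording, and neither tells the script author what symptom to expect. Consider having one page carry the full explanation and the other refer to it, so the text does not drift. Separately, the last change in this hunk moves `</listitem>` onto its own line, which is unrelated to the documentation fix and differs from the `</para></listitem>` form kept in the systemd-run.xml hunk; drop it or move it to a separate cleanup.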