Merge pull request #5977 from computezrmle/revise_boinc-client_service

Revert to 'ProtectSystem=strict' in boinc-client.service and make '/tmp' writable
BOINC · Jan 10, 2025 · 5e329cd · 5e329cd
2 parents 627e344 + cd3ad4e
commit 5e329cd
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/client/scripts/boinc-client.service.in b/client/scripts/boinc-client.service.in
@@ -7,9 +7,9 @@ After=vboxdrv.service network-online.target
 [Service]
 Type=simple
 ProtectHome=true
-ProtectSystem=full
+ProtectSystem=strict
 ProtectControlGroups=true
-ReadWritePaths=-/var/lib/boinc -/etc/boinc-client
+ReadWritePaths=-/var/lib/boinc -/etc/boinc-client -/tmp
 Nice=10
 User=boinc
 WorkingDirectory=/var/lib/boinc

diff --git a/tests/linux_package_integration_tests.py b/tests/linux_package_integration_tests.py
@@ -148,7 +148,8 @@ def test_user(self):
     def test_selected_values_from_boinc_client_service_file(self):
         ts = testset.TestSet("Test selected values from the '/usr/lib/systemd/system/boinc-client.service' file")
         data = self._get_key_value_pairs_from_file("/usr/lib/systemd/system/boinc-client.service")
-        ts.expect_equal(data["ReadWritePaths"], "-/var/lib/boinc -/etc/boinc-client", "Test 'ReadWritePaths' is correctly set")
+        ts.expect_equal(data["ProtectSystem"], "strict", "Test 'ProtectSystem' is correctly set")
+        ts.expect_equal(data["ReadWritePaths"], "-/var/lib/boinc -/etc/boinc-client -/tmp", "Test 'ReadWritePaths' is correctly set")
         ts.expect_equal(data["User"], "boinc", "Test 'User' is correctly set")
         ts.expect_equal(data["WorkingDirectory"], "/var/lib/boinc", "Test 'WorkingDirectory' is correctly set")
         ts.expect_equal(data["ExecStart"], "/usr/local/bin/boinc", "Test 'ExecStart' is correctly set")