On Tuesday 23 August 2022 at 10:10 +0200, Bastien Durel wrote:
> On Tuesday 23 August 2022 at 07:38 +0200, Daniel Salzman wrote:
> > Bastien,
> > I suspect it's related to systemd service changes (main commit
> > https://gitlab.nic.cz/knot/knot-dns/-/commit/e152a4c21e0f34bece12eb68af61e5…
> > ).
> > Especially the TemporaryFileSystem setting. You can try extending it
> > with some /usr value. I will try to reproduce the issue using softhsm.
> > Daniel
> Hello,
> I can confirm removing the line "TemporaryFileSystem=/run:ro /var:ro"
> from the unit makes knot able to use the HSM key.
> As /usr is not listed, it should be left untouched in the FS namespace,
> I'll try to dig a little bit more
I've straced the culprit:
1450856 stat("/run/pcscd/pcscd.comm", 0x7fb2a6a61b20) = -1 ENOENT (No such file or directory)
With the given override, it works:
# /etc/systemd/system/knot.service.d/override.conf
[Service]
BindPaths=/run/pcscd
Hiding /run may be a little bit too strict? The opensc-pkcs11 reads
the /run/pcscd/pcscd.comm socket, maybe other pkcs#11 modules use
other files?
Regards,
--
Bastien
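
Added example, not part of the thread and not code from the Knot DNS project: a small Python model of the mount namespace discussed above, which reports whether a path a PKCS#11 module needs is masked by TemporaryFileSystem= and not re-exposed by BindPaths= or BindReadOnlyPaths=. The unit text is constructed from the two snippets quoted in the thread, the /usr path is a made-up sample, and the "deepest mount point wins" rule and the unquoted-value parsing are simplifying assumptions about systemd's behaviour.

```python
import posixpath

# Constructed inputs: only the hardening line quoted in the thread, and the
# override from the message above. The real knot.service has more settings.
UNIT = "[Service]\nTemporaryFileSystem=/run:ro /var:ro\n"
OVERRIDE = "[Service]\nBindPaths=/run/pcscd\n"
KEYS = ("TemporaryFileSystem", "BindPaths", "BindReadOnlyPaths")


def parse_service(*texts):
    """Collect mount-related [Service] settings; later texts act as drop-ins."""
    cfg = {k: [] for k in KEYS}
    for text in texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
            if section != "Service" or "=" not in line or line[0] in "#;":
                continue
            key, value = (s.strip() for s in line.split("=", 1))
            if key not in KEYS:
                continue
            if not value:  # an empty assignment resets the list
                cfg[key] = []
            for item in value.split():
                # TemporaryFileSystem=PATH[:opts]; Bind*Paths=[-]SRC[:DEST[:opts]]
                fields = item.lstrip("-").split(":")
                is_bind = key != "TemporaryFileSystem"
                inside = fields[1] if is_bind and len(fields) > 1 and fields[1] else fields[0]
                cfg[key].append(posixpath.normpath(inside))
    return cfg


def hidden(path, cfg):
    """True if a tmpfs covers `path` and no bind mount nested below it does."""
    path = posixpath.normpath(path)

    def deepest(mounts):
        hits = [m for m in mounts if path == m or path.startswith(m.rstrip("/") + "/")]
        return max(map(len, hits), default=-1)

    tmpfs = deepest(cfg["TemporaryFileSystem"])
    bind = deepest(cfg["BindPaths"] + cfg["BindReadOnlyPaths"])
    # Conservative on ties: a bind on the same mount point is treated as hidden.
    return tmpfs >= 0 and bind <= tmpfs
```

Running the check over the paths a module is seen to open under strace shows which ones need a bind mount, so /run can stay masked apart from the sockets actually required.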