From: Lennart Poettering Date: Tue, 14 Nov 2017 09:51:09 +0000 (+0100) Subject: man: document > /dev/stderr pitfalls (#7317) X-Git-Tag: v236~219 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b0e8cec2dd9fdd1bded53837f3d68cd4093ac572;p=platform%2Fupstream%2Fsystemd.git man: document > /dev/stderr pitfalls (#7317) Fixes: #7254 See: #2473 --- diff --git a/man/systemd-run.xml b/man/systemd-run.xml index 7477195..2c74c1f 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -244,7 +244,15 @@ When both and are used in combination the more appropriate option is automatically determined and used. Specifically, when invoked with standard input, output and error - connected to a TTY is used, and otherwise . + connected to a TTY is used, and otherwise . + + When this option is used the original file descriptors systemd-run receives are passed + to the service processes as-is. If the service runs with different privileges than + systemd-run, this means the service might not be able to re-open the passed file + descriptors, due to normal file descriptor access restrictions. If the invoked process is a shell script that + uses the echo "hello" > /dev/stderr construct for writing messages to stderr, this might + cause problems, as this only works if stderr can be re-opened. To mitigate this use the construct echo + "hello" >&2 instead, which is mostly equivalent and avoids this pitfall. diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 18cfe6b..fb5c080 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -624,14 +624,19 @@ If the standard output (or error output, see below) of a unit is connected to the journal, syslog or the kernel log buffer, the unit will implicitly gain a dependency of type After= on - systemd-journald.socket (also see the "Implicit Dependencies" section above). + systemd-journald.socket (also see the "Implicit Dependencies" section above). Also note + that in this case stdout (or stderr, see below) will be an AF_UNIX stream socket, and not + a pipe or FIFO that can be re-opened. This means when executing shell scripts the construct echo + "hello" > /dev/stderr for writing text to stderr will not work. To mitigate this use the construct + echo "hello" >&2 instead, which is mostly equivalent and avoids this pitfall. This setting defaults to the value set with in systemd-system.conf5, which defaults to . Note that setting this parameter might result in additional dependencies to be - added to the unit (see above). + added to the unit (see above). +