Description
systemd version the issue has been seen with
247.6
Expected behaviour you didn't see
Portable services should always have a writable /tmp
Unexpected behaviour you saw
/tmp is not writable with the trusted profile and a read-only image
Steps to reproduce the problem
Create a squashfs image that needs to write to /tmp and start it with the trusted profile.
All profiles except trusted have DynamicUser=yes set, which implies PrivateTmp=yes; as a result the portable service always has a writable /tmp, even with a read-only image. There is no such option in the trusted profile, so if the image is read-only, /tmp is not writable by default.
Even if the image is writable we probably don't want writes to /tmp to modify the image, so it should either use the host /tmp or its own tmpfs.
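As an added illustration of the two options described above (not a file from the systemd project or from this issue), here is what a local override of the trusted profile could look like. It assumes that portablectl picks up profile overrides from /etc/systemd/portable/profile/<name>/service.conf ahead of the vendor copy under /usr/lib/systemd/portable/profile/, and that the image is attached with `--profile=trusted`; both are assumptions of this example, and only one of the two /tmp directives should be active at a time.

```ini
# /etc/systemd/portable/profile/trusted/service.conf  (assumed override path)
# Example profile drop-in, added here for illustration only.
[Unit]
# Keep the trusted profile's intent: no DynamicUser=, so the service runs
# with whatever User= the image's unit declares, but make /tmp writable
# without letting writes land in the (possibly read-only) image.

[Service]
# Option 1: private /tmp backed by the host's /tmp.
# systemd mounts a per-service directory from the host /tmp over the
# service's /tmp, so writes never touch the image and are not visible to
# other services on the host.
PrivateTmp=yes

# Option 2 (alternative to PrivateTmp=yes): give the service its own tmpfs.
# This is fully independent of the host's /tmp and is discarded when the
# service stops. Uncomment and remove PrivateTmp=yes to use it instead.
#TemporaryFileSystem=/tmp
```

After attaching the image, `systemd-run -P -p PrivateTmp=yes touch /tmp/probe` is not a test of the portable unit itself; the relevant check is to start the attached service and confirm from inside it (for example with `systemctl status` and a `touch /tmp/probe` in ExecStartPre=) that /tmp accepts writes while the image mount remains read-only. From a hardening standpoint PrivateTmp=yes is the more conservative default because it also isolates the service's temporary files from every other unit on the host, which is the same protection the non-trusted profiles already get through DynamicUser=yes.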