This is a suggestion to the functionality of 66.
For those confused, Build= is described here.

Presently, [with Build=auto i.e.] the stdin/out redirection, retrieving fds from fdholder, dropping privs, execl-envfile, etc. are handled by certain chainloaders before the actual Execute=() part.
These work ONLY with Build=auto.

There is even a warning in the wiki that "RunAs=" will not take effect with Build=custom.

My suggestion to fix this is:
whenever Build = custom, write Execute=() into 'execute.start' file rather than 'run'.
The 'run' file will exec into 'execute.start', after the chainloaders.

This can reduce the disparities between Build = auto and custom, while retaining the flexibility.

  • eric replied to this.

    Actually, you hit a bug of the documentation. Shame on me!

    pramodvu My suggestion to fix this is:
    whenever Build = custom, write Execute=() into 'execute.start' file rather than 'run'.
    The 'run' file will exec into 'execute.start', after the chainloaders.

    This is more or less what it does.
    The run file calls the 66-execute program, which does redirection, environment and uid/gid management and creates the run.user file whatever the Build key value. At the end of the preparation process, it executes the run.user file.

    So the differences between Build=custom and Build=auto are:

    • It does not substitute variables from environment variables into the script with Build=auto.
    • The shebang must be defined at the very start of the script with Build=auto.

    Thanks for your reports.

    Great, something is fixed.
