Description
Recently, https://bugzilla.suse.com/show_bug.cgi?id=1236947 revealed that running supportconfig might change the system (no, supportconfig is not the culprit here, but it spawns many commands which might have issues/side effects).
IMO, we can run it in a way that it would never modify the system. I haven't spent a long time on this, but this might be considered:
$ env SYSTEMD_LOG_LEVEL=debug systemd-run \
--pty \
--working-directory=/ \
--property=ProtectSystem=strict \
--property=ProtectHome=yes \
--property=ReadWritePaths="/tmp /var/run/supportconfig" \
/sbin/supportconfig -R /tmp

This issue is more a brain-storming...
However, some paths look different...
# /bin/findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/vda3 xfs ro,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
|-/dev devtmpfs devtmpfs rw,nosuid,size=4096k,nr_inodes=3199501,mode=755,inode64
| |-/dev/shm tmpfs tmpfs rw,nosuid,nodev,inode64
| |-/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
| |-/dev/hugepages hugetlbfs hugetlbfs rw,nosuid,nodev,relatime,pagesize=2M
| `-/dev/mqueue mqueue mqueue rw,nosuid,nodev,noexec,relatime
|-/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
| |-/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
| |-/sys/fs/cgroup cgroup2 cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot
| |-/sys/fs/pstore pstore pstore rw,nosuid,nodev,noexec,relatime
| |-/sys/firmware/efi/efivars efivarfs efivarfs rw,nosuid,nodev,noexec,relatime
| |-/sys/fs/bpf bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700
| |-/sys/kernel/debug debugfs debugfs rw,nosuid,nodev,noexec,relatime
| | `-/sys/kernel/debug/tracing tracefs tracefs rw,nosuid,nodev,noexec,relatime
| |-/sys/kernel/tracing tracefs tracefs rw,nosuid,nodev,noexec,relatime
| |-/sys/fs/fuse/connections fusectl fusectl rw,nosuid,nodev,noexec,relatime
| `-/sys/kernel/config configfs configfs rw,nosuid,nodev,noexec,relatime
|-/proc proc proc rw,nosuid,nodev,noexec,relatime
| `-/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=23904
| `-/proc/sys/fs/binfmt_misc binfmt_misc binfmt_misc rw,nosuid,nodev,noexec,relatime
|-/run tmpfs tmpfs ro,nosuid,nodev,size=5124880k,nr_inodes=819200,mode=755,inode64
| |-/run/user tmpfs[/systemd/inaccessible/dir] tmpfs ro,nosuid,nodev,noexec,size=5124880k,nr_inodes=819200,mode=755,inode64
| |-/run/credentials tmpfs[/systemd/inaccessible/dir] tmpfs ro,nosuid,nodev,noexec,size=5124880k,nr_inodes=819200,mode=755,inode64
| |-/run/systemd/incoming tmpfs[/systemd/propagate/run-u131.service] tmpfs ro,nosuid,nodev,size=5124880k,nr_inodes=819200,mode=755,inode64
| `-/run/supportconfig tmpfs[/supportconfig] tmpfs rw,nosuid,nodev,size=5124880k,nr_inodes=819200,mode=755,inode64
|-/boot/efi /dev/vda2 vfat ro,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro
|-/hana /dev/mapper/0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-2 xfs ro,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
|-/home tmpfs[/systemd/inaccessible/dir] tmpfs ro,nosuid,nodev,noexec,size=5124880k,nr_inodes=819200,mode=755,inode64
|-/root tmpfs[/systemd/inaccessible/dir] tmpfs ro,nosuid,nodev,noexec,size=5124880k,nr_inodes=819200,mode=755,inode64
`-/tmp /dev/vda3[/tmp] xfs rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
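
One way to check a sandbox like the one proposed above is to list every mount that is still read-write but not covered by `ReadWritePaths=`. This is an added example, not code from the issue or from supportconfig; the names `ALLOWED_RW`, `sample_findmnt` and `unexpected_rw_mounts` are hypothetical, and the sample input is an excerpt of the findmnt output quoted above.

```shell
#!/bin/sh
# Added example (not supportconfig code): report mounts that are still
# read-write in the sandbox but fall outside the ReadWritePaths= allow-list.

# Allow-list as it appears in the findmnt output (/var/run/... shows as /run/...).
ALLOWED_RW="/tmp /run/supportconfig"

# Excerpt of the findmnt output quoted in the issue, embedded for offline use.
sample_findmnt() {
cat <<'EOF'
TARGET SOURCE FSTYPE OPTIONS
/ /dev/vda3 xfs ro,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
|-/dev devtmpfs devtmpfs rw,nosuid,size=4096k,nr_inodes=3199501,mode=755,inode64
|-/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
|-/proc proc proc rw,nosuid,nodev,noexec,relatime
|-/run tmpfs tmpfs ro,nosuid,nodev,size=5124880k,nr_inodes=819200,mode=755,inode64
| `-/run/supportconfig tmpfs[/supportconfig] tmpfs rw,nosuid,nodev,size=5124880k,nr_inodes=819200,mode=755,inode64
|-/home tmpfs[/systemd/inaccessible/dir] tmpfs ro,nosuid,nodev,noexec,size=5124880k,nr_inodes=819200,mode=755,inode64
`-/tmp /dev/vda3[/tmp] xfs rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
EOF
}

# Reads findmnt tree output on stdin; prints one unexpected rw target per line.
unexpected_rw_mounts() {
    awk -v allowed="$ALLOWED_RW" '
        BEGIN { n = split(allowed, allow, " ") }
        {
            sub("^[^/]*", "")          # drop tree prefix; header becomes empty
            if (NF < 4) next           # need TARGET SOURCE FSTYPE OPTIONS
            rw = 0
            m = split($NF, opt, ",")
            for (i = 1; i <= m; i++) if (opt[i] == "rw") rw = 1
            if (!rw) next
            for (i = 1; i <= n; i++)   # allow the path itself and anything below it
                if ($1 == allow[i] || index($1, allow[i] "/") == 1) next
            print $1
        }'
}

sample_findmnt | unexpected_rw_mounts
```

On the excerpt this reports `/dev`, `/sys` and `/proc`: `ProtectSystem=strict` does not cover these API file systems, and systemd.exec(5) names `PrivateDevices=`, `ProtectKernelTunables=` and `ProtectControlGroups=` for them.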