wenil/busbar-designer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

systemd: redirect HOME / XDG dirs into project so ProtectHome stays on

Browse Source 
ezdxf, matplotlib, and other Python libs try to write into $HOME/.config
and $HOME/.cache. With ProtectHome=true the real /home/busbar is invisible
to the service and pathlib.Path.exists() throws PermissionError.

Fix: set HOME, XDG_CONFIG_HOME, XDG_CACHE_HOME to /opt/busbar-designer/data/*
which is already in ReadWritePaths. Hardening (ProtectHome) stays intact.

install.sh also pre-creates the .config / .cache subdirs.
This commit is contained in:
wenil
2026-05-25 09:38:39 +03:00
parent a16952f7c5
commit 1fadef0b3f
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy/install.sh
+5 -2
View File
@@ -88,8 +88,11 @@ sudo -u "$SVC_USER" "$INSTALL_DIR/.venv/bin/pip" install --upgrade pip
sudo -u "$SVC_USER" "$INSTALL_DIR/.venv/bin/pip" install \
-r "$INSTALL_DIR/requirements.txt" gunicorn
# ---- data dir (for SQLite) -------------------------------------------------
sudo -u "$SVC_USER" mkdir -p "$INSTALL_DIR/data"
# ---- data + XDG dirs (for SQLite, ezdxf config, build123d cache) -----------
sudo -u "$SVC_USER" mkdir -p \
"$INSTALL_DIR/data" \
"$INSTALL_DIR/data/.config" \
"$INSTALL_DIR/data/.cache"
# ---- systemd unit ----------------------------------------------------------
log "Installing systemd unit..."