#1 2023-09-05 00:03:45

t-sourcemaker
Member
Registered: 2015-02-01
Posts: 7

Radicale: git post-commit hook (send email)

I want to use a post-commit hook that sends me a mail locally when a git commit is made.
Unfortunately, the mail delivery fails.

message=$(git log -1)
mail -s "Radicale Commit" root <<< $message

Result:

sendmail: fatal: inet_addr_local[getifaddrs]: getifaddrs: Address family not supported by protocol

When I run the script manually with my own user it works.
What permission in the systemd service file for radicale do I need to set for this to work?

[Unit]
Description=radicale - A simple CalDAV (calendar) and CardDAV (contact) server
After=syslog.target network.target
Requires=network.target

[Service]
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/radicale
Group=radicale
IPAccounting=true
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
RemoveIPC=true
Restart=on-failure
RestrictAddressFamilies=~AF_PACKET AF_NETLINK AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
StateDirectory=radicale
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
SystemCallFilter=~@resources
UMask=0027
User=radicale

[Install]
WantedBy=multi-user.target


#2 2023-09-05 05:10:47

3beb6e7c46a615a
Member
Registered: 2021-03-27
Posts: 165

Re: Radicale: git post-commit hook (send email)

I think you'll want to enable the AF_INET and AF_INET6 address families, to allow creating TCP connections to your SMTP server for everything that runs within the scope of this service, which apparently includes your script.

You'll definitely also want to read systemd.exec(5) on all these directives, because they'll likely affect your script in other ways, too.

Last edited by 3beb6e7c46a615a (2023-09-05 05:12:18)


#3 2023-09-05 05:15:43

Awebb
Member
Registered: 2010-05-06
Posts: 6,311

Re: Radicale: git post-commit hook (send email)

Does your script have a shebang?


#4 2023-09-06 21:08:10

t-sourcemaker
Member
Registered: 2015-02-01
Posts: 7

Re: Radicale: git post-commit hook (send email)

Shebang exists:
#!/bin/sh

AF_INET and AF_INET6 do not solve the problem.


#5 2023-09-07 04:47:11

3beb6e7c46a615a
Member
Registered: 2021-03-27
Posts: 165

Re: Radicale: git post-commit hook (send email)

What does the service file look like now? Did you restart the entire service after making this change?

If it still doesn't work you'll need to remove the sandboxing options one by one to see what's the issue.

Try to remove the address family restriction entirely first; you're going to allow internet traffic anyway, so there's not much point in keeping an address family restriction.
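
Added example, not part of the thread: per systemd.exec(5), a leading ~ turns RestrictAddressFamilies= into a deny-list and blocked families make socket() fail with EAFNOSUPPORT, and glibc's getifaddrs() opens an AF_NETLINK socket. The sketch below evaluates the value from post #1 for the families involved and probes which sockets the current process can actually open; the function names are hypothetical and only a single directive line is modelled.

```python
import errno
import socket

# Value copied from the unit file quoted in post #1.
THREAD_VALUE = "~AF_PACKET AF_NETLINK AF_UNIX"


def family_allowed(directive_value, family):
    """Evaluate one RestrictAddressFamilies= value for one address family.

    A leading "~" makes the list a deny-list; without it the list is an
    allow-list. Merging of several directive lines is not modelled.
    """
    value = directive_value.strip()
    deny_list = value.startswith("~")
    listed = set(value.lstrip("~").split())
    return (family not in listed) if deny_list else (family in listed)


def probe(family):
    """Try to open a socket of this family in the current process context."""
    number = getattr(socket, family, None)
    if number is None:
        return "unknown to this Python build"
    raw_only = family in ("AF_NETLINK", "AF_PACKET")
    kind = socket.SOCK_RAW if raw_only else socket.SOCK_STREAM
    try:
        socket.socket(number, kind, 0).close()
        return "ok"
    except OSError as exc:
        # A family blocked by the sandbox is expected to show EAFNOSUPPORT.
        return errno.errorcode.get(exc.errno, str(exc.errno))


def report(directive_value, families):
    """Map each family name to what the directive value says about it."""
    return {fam: family_allowed(directive_value, fam) for fam in families}


if __name__ == "__main__":
    wanted = ["AF_INET", "AF_INET6", "AF_NETLINK", "AF_UNIX"]
    for fam, ok in report(THREAD_VALUE, wanted).items():
        verdict = "allowed" if ok else "blocked"
        print(f"{fam:11} unit says {verdict}; probe here: {probe(fam)}")
```

When started from the post-commit hook, or from any other process the service spawns, the probe column shows what the sandbox really permits, which can be compared against what the directive value says.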
