warning_exe syntax for root commands

[loic-favier]

Hi,

First of all, thank you for your tool, very apreciate it :)

I try to run a swapoff -a && swapon -a by warning_exe attribute of the config file, but i issue in errors because swapoff and swapon need to be run as superuser.

I have try :
warning_exe = sudo swapoff -a && sudo swapon -a"
but got

nov. 06 14:44:39 loicf sudo[735209]: root : PWD=/ ; USER=root ; COMMAND=/usr/sbin/swapoff -a && sudo swapon -a
nov. 06 14:44:39 loicf sudo[735209]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
nov. 06 14:44:39 loicf nohang-desktop[735210]: swapoff: Vous n'êtes pas le superutilisateur.
nov. 06 14:44:39 loicf sudo[735209]: pam_unix(sudo:session): session closed for user root
nov. 06 14:44:39 loicf nohang-desktop[735201]: Executing Command-1 ['sudo', 'swapoff', '-a', '&&', 'sudo', 'swapon', '-a'] with timeout 20.0s in Thread-1 (exe)
nov. 06 14:44:39 loicf nohang-desktop[735201]: Command-1 execution completed in 0.016s; exit status: 16

or warning_exe = sudo su -c "swapoff -a && swapon -a"
and got

nov. 06 14:33:51 loicf nohang-desktop[727276]: Executing Command-7 ['sudo', 'su', '-c', 'swapoff -a && swapon -a'] with timeout 20.0s in Thread-7 (exe)
nov. 06 14:33:51 loicf sudo[730138]: root : PWD=/ ; USER=root ; COMMAND=/usr/bin/su -c 'swapoff -a && swapon -a'
nov. 06 14:33:51 loicf sudo[730138]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
nov. 06 14:33:51 loicf su[730139]: (to root) root on none
nov. 06 14:33:51 loicf su[730139]: pam_intune(su:session): No authtok available; password policies will fail: Aucune donnée spécifique au module présente
nov. 06 14:33:51 loicf su[730139]: pam_unix(su:session): session opened for user root(uid=0) by (uid=0)
nov. 06 14:33:52 loicf nohang-desktop[730151]: swapoff: Vous n'êtes pas le superutilisateur.
nov. 06 14:33:52 loicf su[730139]: pam_unix(su:session): session closed for user root
nov. 06 14:33:52 loicf sudo[730138]: pam_unix(sudo:session): session closed for user root
nov. 06 14:33:52 loicf nohang-desktop[727276]: Command-7 execution completed in 0.364s; exit status: 16

How can i do this ?

[hakavlad]

Hi!

https://github.com/hakavlad/nohang/blob/master/systemd/nohang-desktop.service.in

CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE \
CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID \
CAP_SYS_RESOURCE CAP_SYSLOG

The problem may be related to the CapabilityBoundingSet settings in your systemd unit file. This parameter restricts the set of capabilities available to the process started by this unit. If the necessary capabilities for executing the swapoff and swapon commands are not included in the CapabilityBoundingSet, it can lead to errors related to insufficient permissions.

For managing swap operations, the following capabilities may be required:

CAP_SYS_ADMIN: This capability is necessary for performing memory management operations, including swap.
CAP_SYS_RESOURCE: This capability may also be required for managing system resources.

Try adding CAP_SYS_ADMIN to the CapabilityBoundingSet in your unit file. For example:

CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE \
CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID \
CAP_SYS_RESOURCE CAP_SYSLOG CAP_SYS_ADMIN

After making changes, don't forget to reload the unit:

sudo systemctl daemon-reload
sudo systemctl restart your-service-name

Replace your-service-name with the name of your service. After that, check if the issue with executing the swapoff and swapon commands is resolved.

This response was written with the assistance of GPT-4o.

[hakavlad]

then
warning_exe = sh -c "swapoff -a && swapon -a"
may be sufficient