issue setting as a service

[Geobert]

With this .service file:

[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs
After=network.target

[Service]
# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
User=bitwarden_rs
Group=bitwarden_rs
# The location of the .env file for configuration
EnvironmentFile=/home/bitwarden_rs/.env
# The location of the compiled binary
ExecStart=/home/bitwarden_rs/bitwarden_rs
# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
# Isolate bitwarden_rs from the rest of the system
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
WorkingDirectory=/home/bitwarden_rs
ReadWriteDirectories=/home/bitwarden_rs
# Allow bitwarden_rs to bind ports in the range of 0-1024
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

I got with systemctl status bitwarden_rs:

● bitwarden_rs.service - Bitwarden Server (Rust Edition)
   Loaded: loaded (/etc/systemd/system/bitwarden_rs.service; disabled)
   Active: failed (Result: exit-code) since Wed 2019-01-23 20:04:20 GMT; 12s ago
     Docs: https://github.com/dani-garcia/bitwarden_rs
  Process: 14005 ExecStart=/home/bitwarden_rs/bitwarden_rs (code=exited, status=226/NAMESPACE)
 Main PID: 14005 (code=exited, status=226/NAMESPACE)

Jan 23 20:04:20 geob-vps systemd[1]: Started Bitwarden Server (Rust Edition).
Jan 23 20:04:20 geob-vps systemd[1]: bitwarden_rs.service: main process exited, code=exited, status=226/NAMESPACE
Jan 23 20:04:20 geob-vps systemd[1]: Unit bitwarden_rs.service entered failed state.

with journalctl -u bitwarden_rs.service

Jan 23 20:04:18 geob-vps systemd[1]: [/etc/systemd/system/bitwarden_rs.service:21] Failed to parse protect system value, ignoring: strict
Jan 23 20:04:18 geob-vps systemd[1]: [/etc/systemd/system/bitwarden_rs.service:26] Unknown lvalue 'AmbientCapabilities' in section 'Service'
Jan 23 20:04:20 geob-vps systemd[1]: Starting Bitwarden Server (Rust Edition)...
Jan 23 20:04:20 geob-vps systemd[1]: Started Bitwarden Server (Rust Edition).
Jan 23 20:04:20 geob-vps systemd[1]: bitwarden_rs.service: main process exited, code=exited, status=226/NAMESPACE
Jan 23 20:04:20 geob-vps systemd[1]: Unit bitwarden_rs.service entered failed state.

and in /var/log/syslog I can see:

Failed at step NAMESPACE spawning /home/bitwarden_rs/bitwarden_rs: Permission denied

What am I missing?

[Geobert]

Btw, in .env I have:
ROCKET_ADDRESS=127.0.0.1 # Enable this to test mobile app
ROCKET_PORT=8000

and ROCKET_TLS pointing to my certificate and key

[pgaskin]

Try enabling the backports repository and updating systemd from there. I had a similar issue myself when setting up sandboxing.

Alternatively, you can remove most of the sandboxing options, as they aren't present in the version of systemd in debian 9 stable.

[Geobert]

Thanks, I'll try that if I come back to bitwarden. I manage to launch with supervisord and was disappointed by the desktop client lack of Autofill and ssh agent :(

Let's close this issue for now :)

[pgaskin]

Um, there is autofill. Go to the settings page and you can turn it on.

[Geobert]

Are you sure? I've search a lot and stumble upon feature request: https://community.bitwarden.com/t/auto-type-autofill-for-logging-into-other-desktop-apps/158

[pgaskin]

Oh, I thought you meant browser autofill, not desktop app autofill.