Revert to 'ProtectSystem=strict' in boinc-client.service and make '/tmp' writable #5977

Merged: 3 commits, Jan 10, 2025

computezrmle
Contributor

BOINC volunteers running VirtualBox tasks on Linux occasionally report errors like this if BOINC runs as a systemd service:

2024-12-28 01:20:15 (16867): Detected: VirtualBox VboxManage Interface (Version: 7.0.12)
2024-12-28 01:20:20 (16867): Error in host info for VM: -182
Command:
VBoxManage -q list hostinfo 
Output:
VBoxManage: error: Failed to create the VirtualBox object!
VBoxManage: error: Code NS_ERROR_SOCKET_FAIL (0xC1F30200) - IPC daemon socket error (extended info not available)
VBoxManage: error: Most likely, the VirtualBox COM server is not running or failed to start.


2024-12-28 01:20:20 (16867): WARNING: Communication with VM Hypervisor failed.
2024-12-28 01:20:20 (16867): ERROR: VBoxManage list hostinfo failed
2024-12-28 01:20:20 (16867): called boinc_finish(1)

Usually this can be tracked down to a too restrictive setting in BOINC's systemd file:
ProtectSystem=strict

In most cases experienced volunteers suggest replacing strict with full, running systemctl daemon-reload and restarting BOINC.
This works since - unlike strict - full leaves /tmp writable for BOINC and its child processes.
The disadvantage is that it also leaves many other directories writable.
A better solution might be to leave strict and make /tmp writable which can be configured using ReadWritePaths=.

Background details

From the systemd manual

ProtectSystem=
Takes a boolean argument or the special values "full" or "strict". If true, mounts the /usr/ and the boot loader directories (/boot and /efi) read-only for processes invoked by this unit. If set to "full", the /etc/ directory is mounted read-only, too. If set to "strict" the entire file system hierarchy is mounted read-only, except for the API file system subtrees /dev/, /proc/ and /sys/ (...) If this option is used, ReadWritePaths= may be used to exclude specific directories from being made read-only.

From the VirtualBox manual

VBoxSVC IPC Issues
On Linux, Oracle VirtualBox makes use of a custom version of Mozilla XPCOM (cross platform component object model) for interprocess and intraprocess communication (IPC). (...) Communication between the various Oracle VirtualBox components and VBoxSVC is performed through a local domain socket residing in /tmp/.vbox-username-ipc. In case there are communication problems, such as an Oracle VirtualBox application cannot communicate with VBoxSVC, terminate the daemons and remove the local domain socket directory.

Copilot wasn't able to review any files in this pull request.

Files not reviewed (1)
  • client/scripts/boinc-client.service.in: Language not supported
@AenBleidd AenBleidd added this to the Client/Manager 8.0.5 milestone Dec 28, 2024
@AenBleidd AenBleidd requested a review from Germano0 December 29, 2024 00:16
@AenBleidd
Member

AenBleidd commented Dec 29, 2024

@Germano0, @lfield, could you please review this PR?
@computezrmle, please fix the tests (if you don't want to or don't know how - I can do that for you)

@AenBleidd AenBleidd requested a review from lfield December 29, 2024 00:17
Add '-/tmp' to 'ReadWritePaths'.
@computezrmle
Contributor Author

@computezrmle, please fix the tests ...

Done.

Add test for 'ProtectSystem=strict'.
@AenBleidd
Member

@Germano0, @lfield, do you have some time to review (in the better case also test) it?

@lfield
Contributor

lfield commented Jan 8, 2025

LGTM. Tested.

@Germano0
Contributor

Germano0 commented Jan 8, 2025

I am against messing up for the n-th time with the boinc-client systemd unit file unless the URL of a failed boinc working unit is being provided.

Also, in #4953 you were not using the boinc-client systemd unit file, but a custom one.

@computezrmle
Contributor Author

I don't agree with arguments like "I am against messing up for the n-th time ...".
If a change solves an issue, it should be integrated.

I remember the discussion #4953 you mentioned.
What you tested there was a combination of ProtectSystem=strict and -/tmp/.vbox-boinc-ipc in ReadWritePaths which didn't work:
#4953 (comment)
The reason for that was that you left /tmp write protected and VirtualBox could not create .vbox-boinc-ipc below.

The solution here is to make /tmp writeable which allows VirtualBox to create the required directory.
This follows the manuals from VirtualBox and systemd mentioned above and it is tested.

Whether the systemd service file is taken from the BOINC package or not is not relevant here.
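
The three configurations this thread compares (ProtectSystem=full, strict with only -/tmp/.vbox-boinc-ipc writable, and strict with -/tmp writable), checked by a small script. This is an added example, not part of the pull request or of BOINC; the function names, the result labels and the /srv/example-data path are made up for illustration, and it assumes no other directive in the unit provides a writable /tmp.

```shell
#!/bin/sh
# Added example: classify the sandbox settings of a systemd unit read from stdin.
# Assumption: no other directive in the unit provides a writable /tmp.
classify_unit() {
    awk '
        /^[ \t]*[#;]/      { next }                       # skip comment lines
        /^ProtectSystem=/  { sub(/^[^=]*=/, ""); protect = $0 }   # last assignment wins
        /^ReadWritePaths=/ {
            sub(/^[^=]*=/, "")
            n = split($0, p, " ")
            if (n == 0) { tmp_rw = 0; next }              # empty assignment resets the list
            for (i = 1; i <= n; i++) {
                sub(/^[-+]+/, "", p[i])                   # strip the "-" / "+" path prefixes
                sub(/\/+$/, "", p[i])                     # ignore trailing slashes
                if (p[i] == "/tmp") tmp_rw = 1
            }
        }
        END {
            if (protect != "strict") print "too-permissive"
            else if (tmp_rw)         print "ok"
            else                     print "vbox-ipc-blocked"
        }'
}

# Constructed sample units; /srv/example-data is a placeholder path.
sample_unit() {
    case "$1" in
        full)        printf '%s\n' '[Service]' 'ProtectSystem=full' ;;
        strict_ipc)  printf '%s\n' '[Service]' 'ProtectSystem=strict' \
                         'ReadWritePaths=-/srv/example-data -/tmp/.vbox-boinc-ipc' ;;
        strict_tmp)  printf '%s\n' '[Service]' 'ProtectSystem=strict' \
                         'ReadWritePaths=-/srv/example-data -/tmp' ;;
    esac
}

for u in full strict_ipc strict_tmp; do
    printf '%-11s %s\n' "$u" "$(sample_unit "$u" | classify_unit)"
done
```

To check an installed unit including its drop-ins, pipe it in with `systemctl cat boinc-client.service | classify_unit`.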

@AenBleidd AenBleidd merged commit 5e329cd into BOINC:master Jan 10, 2025
152 of 153 checks passed
@AenBleidd AenBleidd modified the milestones: Client/Manager 8.0.5, Client/Manager 8.2.0 Jan 16, 2025