Closed
Labels: not our bug (issues which can't be fixed on server side); packaging:external (related to packaging by externals, e.g. distributions)
Description
I upgraded to Radicale 3.0.4 on ArchLinux inside an LXD container.
User and group of the process are radicale and all subdirectories in the data directory in /var/lib/radicale/collections have 0700 permissions, owned by radicale:radicale.
The web interface works fine (can log in and creating collections works).
However, when synchronising (Davx5, but that’s not relevant to the problem), I see Permission denied exceptions coming from multifilesystem/sync.py in the os.utime(token_path) call.
To test what’s going on I added another except PermissionError: pass and now it synchronises correctly.
I suspect that it could be my systemd radicale service file, but it seems sane:
```
[Unit]
Description=radicale - A simple CalDAV (calendar) and CardDAV (contact) server
After=syslog.target network.target
Requires=network.target
[Service]
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/radicale
Group=radicale
IPAccounting=true
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
ReadWritePaths=/var/lib/radicale
RemoveIPC=true
Restart=on-failure
RestrictAddressFamilies=~AF_PACKET AF_NETLINK AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources
UMask=0027
User=radicale
[Install]
WantedBy=multi-user.target
```
Any advice what else to test for?
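
A diagnostic for the failure described in the report above, added here as an example; it is not part of the original issue or of Radicale's code. It repeats the `os.utime(path)` call on a given file and reports which errno is behind the `PermissionError`, since Python raises that exception for both EACCES and EPERM. The function names and the hint texts are assumptions of this example.

```python
import errno
import os
import stat
import sys
import tempfile

# Hints only: this example's reading of utimensat(2) for a call without
# explicit times (the form os.utime(path) uses). Not a definitive diagnosis.
MEANING = {
    errno.EACCES: "ordinary access check failed (not owner and no write "
                  "access, or a path component is not searchable)",
    errno.EPERM: "refused by something other than the write-access check "
                 "(for example a file flag, security policy or syscall filter)",
}

def classify(exc):
    """Map an OSError from os.utime() to (errno name, hint)."""
    name = errno.errorcode.get(exc.errno, str(exc.errno))
    return name, MEANING.get(exc.errno, "other error, see errno")

def probe_utime(path):
    """Repeat the failing call on `path`; report ownership, mode and errno."""
    st = os.stat(path)
    report = {
        "path": path,
        "owner": (st.st_uid, st.st_gid),
        "process": (os.geteuid(), os.getegid()),
        "mode": stat.filemode(st.st_mode),
        "errno": None,
        "meaning": "utime succeeded",
    }
    try:
        os.utime(path)  # same form as the os.utime(token_path) call in the report
    except OSError as exc:
        report["errno"], report["meaning"] = classify(exc)
    return report

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]  # a file below the data directory
    else:
        # Constructed sample input so the script runs anywhere.
        fd, target = tempfile.mkstemp()
        os.close(fd)
    for key, value in probe_utime(target).items():
        print(f"{key}: {value}")
```

Run it under the same user and the same sandboxing as the service; a result that differs from a plain shell run as that user points at the service environment rather than at the files.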