nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-20 10:34:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

mldonkey: Add systemd service file with security options

Browse Source 
- This solves the problem with init that causes the daemon not to stop.

- The file is installed with same name as init script so as to make sure init
  script become overridden.

- It is installed in /lib/systemd/system/mldonkey-server.service.d/ so
  that this service file can one day be upstreamed and at that time it
  does not conflict with freedombox package carrying the same file.

- Add strict security options.

- Tested by watching mldonkey logs, doing some searching and downloading from
  the UI.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This commit is contained in:
Sunil Mohan Adapa 2019-02-07 21:20:14 -08:00 committed by James Valleroy
parent 95fddde90f
commit 2b45a8cff9
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808
2 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
data/lib/systemd/system/mldonkey-server.service.d/freedombox.conf Normal file
View File

@ -0,0 +1,36 @@
[Unit]
Description=MLDonkey: Multi-protocol, peer-to-peer file sharing server
After=syslog.target network.target
ConditionPathExists=/var/lib/mldonkey/downloads.ini
Documentation=man:mlnet(1) http://mldonkey.sourceforge.net/Main_Page
[Service]
ExecStart=
ExecStart=/usr/bin/mlnet
ExecStop=
Group=mldonkey
IgnoreSIGPIPE=yes
KillMode=control-group
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
ReadWritePaths=/var/lib/mldonkey
RemainAfterExit=no
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=yes
StateDirectory=mldonkey
SystemCallArchitectures=native
Type=simple
User=mldonkey
WorkingDirectory=/var/lib/mldonkey
[Install]
WantedBy=multi-user.target

2
setup.py
View File

@ -247,6 +247,8 @@ setuptools.setup(
'data/etc/sudoers.d/plinth' 'data/etc/sudoers.d/plinth'
]), ('/lib/systemd/system', ]), ('/lib/systemd/system',
glob.glob('data/lib/systemd/system/*.service')), glob.glob('data/lib/systemd/system/*.service')),
('/lib/systemd/system/mldonkey-server.service.d',
['data/lib/systemd/system/mldonkey-server.service.d/freedombox.conf']),
('/lib/systemd/system', glob.glob('data/lib/systemd/system/*.timer')), ('/lib/systemd/system', glob.glob('data/lib/systemd/system/*.timer')),
('/etc/mediawiki', ('/etc/mediawiki',
glob.glob('data/etc/mediawiki/*.php')), ('/etc/update-motd.d/', [ glob.glob('data/etc/mediawiki/*.php')), ('/etc/update-motd.d/', [