- Earlier, PrivateTmp=no was set in freedombox-privileged.service in 4140d3b4444d2fd55ac682d066fd859cb2f034b5, but the fix was not properly tested. A similar change was needed in plinth.service and it was not done. - Complete the fix, but this time enable private tmp and join namespaces for the two daemons. - This will cause issues with file uploading when plinth is run from the command line (for development purposes). This will be addressed separately. Tests: - Apply the change, reload systemd and restart the service. Don't run plinth on the command line; run it as a service. - Uploading libraries to kiwix works. - Uploading backup tarballs works. - Uploading TiddlyWiki and Feather Wiki wiki files works. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
# SPDX-License-Identifier: AGPL-3.0-or-later
# systemd unit for the FreedomBox privileged daemon. The daemon runs as root
# (User=/Group= in [Service]) and is tied to freedombox-privileged.socket
# through PartOf=. PrivateTmp= is the only isolation setting in this unit.
[Unit]
Description=FreedomBox Privileged Service
Documentation=https://wiki.debian.org/FreedomBox/
# Don't hit the start rate limiting.
# 0 turns systemd's start rate limiting off for this unit, so start requests
# are never refused for arriving too often. Restart pacing then depends only on
# the Restart*= settings in [Service]; a crash loop of this root daemon will not
# be stopped by systemd and has to be noticed in the journal.
StartLimitIntervalSec=0
# Stop/restart along with .socket unit (invoked from dpkg scripts).
# PartOf= propagates stop and restart of the socket unit to this service.
# It does not propagate start.
PartOf=freedombox-privileged.socket
# Uploaded files in /var/tmp/ are shared with FreedomBox web service.
# Takes effect only if the namespace setting (here PrivateTmp=) is enabled on
# both this unit and plinth.service.
# NOTE(review): plinth.service is not part of this file; confirm it also sets
# PrivateTmp=yes, otherwise the two daemons do not see the same /var/tmp.
# The shared directory is a trust boundary: files written there by the web
# service are read by a daemon running as root, so their names and contents
# should be handled as untrusted input.
JoinsNamespaceOf=plinth.service
# Execution settings: how the daemon is started, which identity it runs under,
# how its temporary directories are isolated and how it is restarted.
[Service]
# Startup counts as complete only once the daemon reports readiness to systemd
# through the notification socket (sd_notify); see NotifyAccess= below.
Type=notify
# Executed as root (User= below). The binary and every directory on this path
# must be writable by root only, or a less privileged account could replace
# what runs here.
ExecStart=/usr/lib/freedombox/freedombox-privileged
# Shorthand that sets both the start timeout and the stop timeout to 300 seconds.
TimeoutSec=300s
# Full root privileges. This unit sets no capability, system-call or filesystem
# restrictions besides PrivateTmp=, so whatever limits apply to requests must be
# enforced inside the daemon.
# NOTE(review): confirm where requests are authorised.
User=root
# Stated explicitly; files the daemon creates are owned root:root.
Group=root
# Only the main process may send readiness and status notifications.
# Notifications from child processes are ignored.
NotifyAccess=main
# Uploaded files in /var/tmp/ are shared with FreedomBox web service by joining
# namespaces.
# Gives the service its own /tmp and /var/tmp, hidden from other units unless
# they join the namespace with JoinsNamespaceOf=. A process started outside the
# namespace, for example the web service run from a shell during development,
# sees a different /var/tmp and cannot hand uploaded files to this daemon.
PrivateTmp=yes
# Restart after an unclean exit (non-zero status, fatal signal, timeout).
# A clean exit or an explicit stop is left alone.
Restart=on-failure
# Don't restart too fast
# Delay in seconds before the first automatic restart. With RestartSteps= set,
# this is the starting point of a growing delay.
RestartSec=1
# Number of steps over which the restart delay grows from RestartSec= to
# RestartMaxDelaySec=.
# NOTE(review): older systemd releases do not know this key and ignore it with
# a warning. Confirm the minimum systemd version the package targets.
RestartSteps=3
# Upper bound in seconds for the growing restart delay.
RestartMaxDelaySec=5