Move modprobe to cjdns-loadmodules.service to avoid adding CAP_SYS_MODULE.
parent
9290198c19
commit
34c8c5425f
@ -1,6 +1,23 @@
|
|||||||
|
diff -up ./contrib/systemd/cjdns-loadmodules.service.sbin ./contrib/systemd/cjdns-loadmodules.service
|
||||||
|
--- ./contrib/systemd/cjdns-loadmodules.service.sbin 2016-08-15 13:39:48.892573194 -0400
|
||||||
|
+++ ./contrib/systemd/cjdns-loadmodules.service 2016-08-15 13:47:24.336772295 -0400
|
||||||
|
@@ -0,0 +1,13 @@
|
||||||
|
+[Unit]
|
||||||
|
+Description=Load cjdns kernel modules
|
||||||
|
+# Load kernel modules needed by cjdns so that it doesn't need the privilege
|
||||||
|
+Before=cjdns.service
|
||||||
|
+# Do not try to load modules in containers like openvz
|
||||||
|
+ConditionVirtualization=!container
|
||||||
|
+
|
||||||
|
+[Service]
|
||||||
|
+Type=oneshot
|
||||||
|
+ExecStart=/usr/sbin/modprobe tun
|
||||||
|
+
|
||||||
|
+[Install]
|
||||||
|
+WantedBy=multi-user.target
|
||||||
diff -up ./contrib/systemd/cjdns-online.sh.sbin ./contrib/systemd/cjdns-online.sh
|
diff -up ./contrib/systemd/cjdns-online.sh.sbin ./contrib/systemd/cjdns-online.sh
|
||||||
--- ./contrib/systemd/cjdns-online.sh.sbin 2016-08-05 17:32:04.937119714 -0400
|
--- ./contrib/systemd/cjdns-online.sh.sbin 2016-08-15 13:33:11.356021398 -0400
|
||||||
+++ ./contrib/systemd/cjdns-online.sh 2016-08-05 17:32:04.937119714 -0400
|
+++ ./contrib/systemd/cjdns-online.sh 2016-08-15 13:33:11.356021398 -0400
|
||||||
@@ -0,0 +1,90 @@
|
@@ -0,0 +1,90 @@
|
||||||
+#!/bin/sh
|
+#!/bin/sh
|
||||||
+# Check whether cjdns IPs are available
|
+# Check whether cjdns IPs are available
|
||||||
@ -94,8 +111,16 @@ diff -up ./contrib/systemd/cjdns-online.sh.sbin ./contrib/systemd/cjdns-online.s
|
|||||||
+fi
|
+fi
|
||||||
diff -up ./contrib/systemd/cjdns.service.sbin ./contrib/systemd/cjdns.service
|
diff -up ./contrib/systemd/cjdns.service.sbin ./contrib/systemd/cjdns.service
|
||||||
--- ./contrib/systemd/cjdns.service.sbin 2016-06-14 17:58:54.000000000 -0400
|
--- ./contrib/systemd/cjdns.service.sbin 2016-06-14 17:58:54.000000000 -0400
|
||||||
+++ ./contrib/systemd/cjdns.service 2016-08-05 17:33:09.595862599 -0400
|
+++ ./contrib/systemd/cjdns.service 2016-08-15 13:56:20.198792714 -0400
|
||||||
@@ -7,12 +7,14 @@ After=network.target
|
@@ -1,18 +1,20 @@
|
||||||
|
[Unit]
|
||||||
|
Description=cjdns: routing engine designed for security, scalability, speed and ease of use
|
||||||
|
Wants=network.target
|
||||||
|
-After=network.target
|
||||||
|
+After=network.target cjdns-loadmodules.service
|
||||||
|
+Requires=cjdns-loadmodules.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
ProtectHome=true
|
ProtectHome=true
|
||||||
ProtectSystem=true
|
ProtectSystem=true
|
||||||
SyslogIdentifier=cjdroute
|
SyslogIdentifier=cjdroute
|
||||||
@ -105,17 +130,15 @@ diff -up ./contrib/systemd/cjdns.service.sbin ./contrib/systemd/cjdns.service
|
|||||||
- /usr/bin/cjdroute --genconf > /etc/cjdroute.conf; \
|
- /usr/bin/cjdroute --genconf > /etc/cjdroute.conf; \
|
||||||
+ /usr/sbin/cjdroute --genconf | cat > /etc/cjdroute.conf; \
|
+ /usr/sbin/cjdroute --genconf | cat > /etc/cjdroute.conf; \
|
||||||
echo 'WARNING: A new /etc/cjdroute.conf file has been generated.'; \
|
echo 'WARNING: A new /etc/cjdroute.conf file has been generated.'; \
|
||||||
- fi"
|
fi"
|
||||||
-ExecStart=/bin/sh -c "exec cjdroute --nobg < /etc/cjdroute.conf"
|
-ExecStart=/bin/sh -c "exec cjdroute --nobg < /etc/cjdroute.conf"
|
||||||
+ fi; case $(wc -c /proc/modules) in \
|
|
||||||
+ 0*) ;; *) /sbin/modprobe tun;; esac"
|
|
||||||
+ExecStart=/bin/sh -c "exec /usr/sbin/cjdroute --nobg < /etc/cjdroute.conf"
|
+ExecStart=/bin/sh -c "exec /usr/sbin/cjdroute --nobg < /etc/cjdroute.conf"
|
||||||
Restart=always
|
Restart=always
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
diff -up ./contrib/systemd/cjdns-wait-online.service.sbin ./contrib/systemd/cjdns-wait-online.service
|
diff -up ./contrib/systemd/cjdns-wait-online.service.sbin ./contrib/systemd/cjdns-wait-online.service
|
||||||
--- ./contrib/systemd/cjdns-wait-online.service.sbin 2016-08-05 17:32:04.937119714 -0400
|
--- ./contrib/systemd/cjdns-wait-online.service.sbin 2016-08-15 13:33:11.356021398 -0400
|
||||||
+++ ./contrib/systemd/cjdns-wait-online.service 2016-08-05 17:32:04.937119714 -0400
|
+++ ./contrib/systemd/cjdns-wait-online.service 2016-08-15 13:33:11.356021398 -0400
|
||||||
@@ -0,0 +1,13 @@
|
@@ -0,0 +1,13 @@
|
||||||
+[Unit]
|
+[Unit]
|
||||||
+Description=CJDNS Wait Online
|
+Description=CJDNS Wait Online
|
||||||
@ -132,7 +155,7 @@ diff -up ./contrib/systemd/cjdns-wait-online.service.sbin ./contrib/systemd/cjdn
|
|||||||
+WantedBy=multi-user.target
|
+WantedBy=multi-user.target
|
||||||
diff -up ./contrib/upstart/cjdns.conf.sbin ./contrib/upstart/cjdns.conf
|
diff -up ./contrib/upstart/cjdns.conf.sbin ./contrib/upstart/cjdns.conf
|
||||||
--- ./contrib/upstart/cjdns.conf.sbin 2016-06-14 17:58:54.000000000 -0400
|
--- ./contrib/upstart/cjdns.conf.sbin 2016-06-14 17:58:54.000000000 -0400
|
||||||
+++ ./contrib/upstart/cjdns.conf 2016-08-05 17:32:04.938119725 -0400
|
+++ ./contrib/upstart/cjdns.conf 2016-08-15 13:33:11.356021398 -0400
|
||||||
@@ -13,10 +13,16 @@ pre-start script
|
@@ -13,10 +13,16 @@ pre-start script
|
||||||
if ! [ -s /etc/cjdroute.conf ]; then
|
if ! [ -s /etc/cjdroute.conf ]; then
|
||||||
( # start a subshell to avoid side effects of umask later on
|
( # start a subshell to avoid side effects of umask later on
|
||||||
|
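Review bot: In the new cjdns.service `[Unit]` lines, `Requires=cjdns-loadmodules.service` together with the `After=` ordering means a failed `modprobe tun` now stops cjdns from starting, and the `/proc/modules` guard in the removed ExecStartPre `case` has no counterpart in the new unit. `ConditionVirtualization=!container` only covers containers, so a host kernel without loadable-module support would likely fail the oneshot. `Wants=cjdns-loadmodules.service` or `ExecStart=-/usr/sbin/modprobe tun` would keep the ordering without the hard failure. Since the loader is now the one unit that needs the privilege, it could also be narrowed with `CapabilityBoundingSet=CAP_SYS_MODULE` and given `RemainAfterExit=yes` so that it is not re-run on every start of cjdns. The capability settings of cjdns.service are outside the visible hunks, so this page cannot confirm that CAP_SYS_MODULE is actually absent there.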