diff options
| author |   José Bollo <jose.bollo@iot.bzh> | 2019-12-12 18:10:48 +0100 |
|---|---|---|
| committer | José Bollo <jose.bollo@iot.bzh> | 2019-12-13 16:00:27 +0100 |
| commit | c29761cd1628960ee2b11a469763479ac5ef1dfa (patch) | |
| tree | 5bca3e838d04fc87814dcf9ce476679d15ab4f86 /systemd | |
| parent | 23bc1035a51fe54600db691981f8ed1537cbe125 (diff) | |
Improve integration of cynagoraicefish_8.99.4icefish/8.99.48.99.4
Allow to be more flexible when starting with or without
systemd. At end this change will allows to start within
systemd with socket activation or not and by sending
notification without need of option.
Make setting of the sockets more accurate. The admin and
agent socket are now accessible only to clients of the
expected group, cynagora by default.
Bug-AGL: SPEC-3230
Bug-AGL: SPEC-2968
Change-Id: I3e5c7c00dfa0494628c18ffc016cfc8599a5bf9b
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'systemd')
| -rw-r--r-- | systemd/CMakeLists.txt | 3 | ||||
| -rw-r--r-- | systemd/cynagora-admin.socket.in | 4 | ||||
| -rw-r--r-- | systemd/cynagora-agent.socket.in | 4 | ||||
| -rw-r--r-- | systemd/cynagora-check.socket.in | 2 | ||||
| -rw-r--r-- | systemd/cynagora.service.in (renamed from systemd/cynagora.service) | 6 |
5 files changed, 11 insertions, 8 deletions
diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt index c68f7f5..bb9d059 100644 --- a/systemd/CMakeLists.txt +++ b/systemd/CMakeLists.txt @@ -19,12 +19,13 @@ set(SYSTEMD_UNIT_DIR "${CMAKE_INSTALL_FULL_LIBDIR}/systemd/system" CACHE PATH "Path to systemd system unit files") +CONFIGURE_FILE(cynagora.service.in cynagora.service @ONLY) CONFIGURE_FILE(cynagora-admin.socket.in cynagora-admin.socket @ONLY) CONFIGURE_FILE(cynagora-check.socket.in cynagora-check.socket @ONLY) CONFIGURE_FILE(cynagora-agent.socket.in cynagora-agent.socket @ONLY) INSTALL(FILES - ${CMAKE_CURRENT_SOURCE_DIR}/cynagora.service + ${CMAKE_CURRENT_BINARY_DIR}/cynagora.service ${CMAKE_CURRENT_SOURCE_DIR}/cynagora.target ${CMAKE_CURRENT_BINARY_DIR}/cynagora-admin.socket ${CMAKE_CURRENT_BINARY_DIR}/cynagora-check.socket diff --git a/systemd/cynagora-admin.socket.in b/systemd/cynagora-admin.socket.in index 622c023..b2f5874 100644 --- a/systemd/cynagora-admin.socket.in +++ b/systemd/cynagora-admin.socket.in @@ -1,7 +1,9 @@ [Socket] FileDescriptorName=admin ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.admin -SocketMode=0600 +SocketUser=@USER@ +SocketGroup=@GROUP@ +SocketMode=0660 SmackLabelIPIn=@ SmackLabelIPOut=@ diff --git a/systemd/cynagora-agent.socket.in b/systemd/cynagora-agent.socket.in index a5e66b8..3671113 100644 --- a/systemd/cynagora-agent.socket.in +++ b/systemd/cynagora-agent.socket.in @@ -1,7 +1,9 @@ [Socket] FileDescriptorName=agent ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.agent -SocketMode=0600 +SocketUser=@USER@ +SocketGroup=@GROUP@ +SocketMode=0660 SmackLabelIPIn=@ SmackLabelIPOut=@ diff --git a/systemd/cynagora-check.socket.in b/systemd/cynagora-check.socket.in index fcd6ed1..0eeae57 100644 --- a/systemd/cynagora-check.socket.in +++ b/systemd/cynagora-check.socket.in @@ -1,6 +1,8 @@ [Socket] FileDescriptorName=check ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.check +SocketUser=@USER@ +SocketGroup=@GROUP@ SocketMode=0666 SmackLabelIPIn=* SmackLabelIPOut=@ diff --git a/systemd/cynagora.service b/systemd/cynagora.service.in index 97a0f36..9035d00 100644 --- a/systemd/cynagora.service +++ b/systemd/cynagora.service.in @@ -4,7 +4,7 @@ Requires=afm-system-setup.service After=afm-system-setup.service [Service] -ExecStart=/usr/bin/cynagorad --systemd --user cynagora --group cynagora --make-db-dir --own-db-dir +ExecStart=/usr/bin/cynagorad --user @USER@ --group @GROUP@ --make-db-dir --own-db-dir Type=notify @@ -15,11 +15,7 @@ Restart=always Sockets=cynagora-admin.socket Sockets=cynagora-check.socket Sockets=cynagora-agent.socket -SmackProcessLabel=System -#UMask=0000 -#User=cynagora -#Group=cynagora #NoNewPrivileges=true [Install] |