Commit f6a13ad7 authored by Marek Vavruša's avatar Marek Vavruša

scripts: added basic service/sysconfig/apparmor templates

this should help packaging the project to other platforms

thanks @darix!
parent 0134f75e
#include <tunables/global>
/usr/bin/kresd {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
# seems to be needed during start to read /var/lib/kresd
# while we still run as root.
capability dac_override,
network tcp,
network udp,
/proc/sys/net/core/somaxconn r,
/etc/kresd/* r,
/var/lib/kresd/ r,
/var/lib/kresd/** rwlk,
# modules
/usr/lib{,64}/kdns_modules/*.lua r,
/usr/lib{,64}/kdns_modules/*.so rm,
# for tinyweb
/usr/lib{,64}/kdns_modules/tinyweb/ r,
/usr/lib{,64}/kdns_modules/tinyweb/* r,
/var/lib/GeoIP/* r,
}
[Unit]
Description=Knot DNS Resolver daemon
After=syslog.target network.target auditd.service
[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/kresd
ExecStart=/usr/bin/kresd -c /etc/kresd/config -f $KRESD_WORKERS $KRESD_OPTIONS /var/lib/kresd/
Restart=on-abort
[Install]
WantedBy=multi-user.target
## Path: System/DNS
## Description: Number of worker processes to spawn
## Type: integer
## Default: 1
## ServiceRestart: kresd
##
#
# Number of workers to spawn for kresd.
# If you get start up failures with "already in use" your libuv is too
# old and you have to stick to 1.
#
KRESD_WORKERS=1
# Additional options
KRESD_OPTIONS=
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment