Commit ed62cc88 authored by Daniel Kahn Gillmor

systemd rules for closely-supervised knot-resolver service

This is a fully-socket-activated knot-resolver service that can run as
a non-privileged user named knot-resolver.
parent 2a95547e
......@@ -23,7 +23,6 @@
.libs
.deps
_obj
tmp*
/autom4te.cache/*
/config.log
/config.h
......
[Unit]
Description=Knot DNS Resolver control socket
Documentation=man:kresd(8)
Before=sockets.target
[Socket]
ListenStream=/run/knot-resolver/control
FileDescriptorName=control
Service=knot-resolver.service
SocketMode=0660
[Install]
WantedBy=sockets.target
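Review bot: `SocketMode=0660` in the [Socket] section is set without `SocketUser=` or `SocketGroup=`, so the control socket is created as root:root and the group bits only ever apply to group root. Either name the group that is meant to administer the resolver with `SocketGroup=`, or tighten this to `SocketMode=0600` so the mode matches who can actually use the socket.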
[Unit]
Description=Knot DNS Resolver daemon
## This is a socket-activated service:
RefuseManualStart=true
[Service]
Type=notify
WorkingDirectory=/run/knot-resolver/cache
ExecStart=/usr/sbin/kresd
User=knot-resolver
Restart=on-failure
[Install]
WantedBy=sockets.target
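Review bot: The [Install] section's `WantedBy=sockets.target` pulls the daemon itself into sockets.target, so enabling the unit starts kresd at boot instead of on first socket activity, which contradicts the "socket-activated" comment and `RefuseManualStart=true` above it. A service that is only meant to be started by its socket units normally needs no [Install] section, since those units already carry `WantedBy=sockets.target`. Separately, [Service] stops at `User=knot-resolver`; because systemd opens every listener, the daemon needs no capabilities, so `NoNewPrivileges=true` and an empty `CapabilityBoundingSet=` would be cheap additions.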
  • Is this line correct? I can't say I understand systemd details, but this line seems to create a cycle reported by systemd-analyze verify. (It's a slightly different non-Debian system, but the unit files are almost the same.)

  • Hmm, if this can be detected automatically, then please add the tool to the CI!

  • I suppose it should work to install those systemd files (during CI) and then run systemd-analyze verify, though I'm not sure it's worth pursuing – it feels like this would better be tested directly with distribution packages, as they may often differ at least in some details.

  • You are right, content of distro files may make a big difference. Please ignore me for now :-)

  • I think this line is a mistake. mea culpa! I've just opened !433 (merged) to correct it.

    Thanks for catching it, @vcunat.

  • The thanks should go elsewhere.

[Unit]
Description=Knot DNS Resolver network listeners
Documentation=man:kresd(8)
Before=sockets.target
[Socket]
ListenStream=[::1]:53
ListenDatagram=[::1]:53
ListenStream=127.0.0.1:53
ListenDatagram=127.0.0.1:53
[Install]
WantedBy=sockets.target
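Review bot: Unlike the control socket unit, this [Socket] section has no `Service=` line, so it only activates knot-resolver.service if the file is named knot-resolver.socket. Adding `Service=knot-resolver.service` here would make the pairing explicit and keep it working if the unit is renamed in packaging.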
# tmpfiles.d(5) runtime directory for knot-resolver (kresd)
#Type Path Mode UID GID Age Argument
d /run/knot-resolver 0750 root root - -
d /run/knot-resolver/cache 0750 knot-resolver knot-resolver - -
L /run/knot-resolver/cache/config 0750 knot-resolver knot-resolver - /etc/knot-resolver/kresd.conf
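Review bot: The `L` line puts the `config` symlink inside /run/knot-resolver/cache, which the line above makes writable by the knot-resolver user, so the service user can replace the link that stands in for the configuration file. Consider pointing kresd at /etc/knot-resolver/kresd.conf directly, or placing the link in a directory the service user cannot write. The 0750 mode and knot-resolver owner fields on that `L` line are also ignored for symlinks per tmpfiles.d(5) and can be `-`.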