Commit 26918db9 authored by Daniel Kahn Gillmor, committed by Tomas Krizek

systemd: clarify dropping Sockets= for non-socket-activated services

If the administrator of a non-socket-activated kresd installation
doesn't clear Sockets=, then they will also inherit sockets from the
process manager, which doesn't make sense.  Help them avoid that
situation.
parent 6e3c7abc
......@@ -14,13 +14,20 @@ See kresd.systemd(7) for details.
Manual activation
-----------------
If you wish to use manual activation without sockets, you have to grant
the service the capability to bind to well-known ports. You can use a drop-in
file.
If you wish to use manual activation without sockets, you have to
grant the service the capability to bind to well-known ports, and you
should disable allocation of other sockets from systemd itself. You
can use a drop-in file like so:
# /etc/systemd/system/kresd@.service.d/override.conf
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
Sockets=
If you do this, make sure you've indicated which ports to bind to in
/etc/knot-resolver/kresd.conf , and also do:
systemctl disable --now kresd.socket kresd-tls.socket 'kresd-control@*.socket'
Notes
-----
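Review bot: The new paragraph says you "should disable allocation of other sockets from systemd itself" but gives no reason; the rationale (a manually activated kresd would otherwise also inherit sockets from the process manager) appears only in the commit message. Consider adding one sentence to that effect next to the `Sockets=` line so an administrator does not drop it as noise. The instructions also skip the reload step after writing the drop-in by hand (`systemctl daemon-reload` before restarting the service), and there is a stray space before the comma in "kresd.conf ,".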
......
......@@ -5,3 +5,4 @@
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
Sockets=
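Review bot: The bare `Sockets=` added under [Service] carries no comment, and an empty assignment is easy to mistake for an unfinished line. A one-line comment above it, saying that it clears the list so the service does not inherit sockets from systemd, would keep it from being removed in a later cleanup.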