summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitignore2
-rw-r--r--Makefile.in6
-rw-r--r--random-seed-save.service.in (renamed from random-seed-save.service)2
-rw-r--r--random-seed.service28
4 files changed, 6 insertions, 32 deletions
diff --git a/.gitignore b/.gitignore
index 069ca76..a52fd16 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,8 @@ config.status
configure
/Makefile
+/random-seed.service
+/random-seed-save.service
/random-seed
/random-seed.test
*.o
diff --git a/Makefile.in b/Makefile.in
index f52121e..ab22121 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -22,7 +22,7 @@ SRC := random-seed.c sha2.c util.c
OBJ := $(SRC:.c=.o)
TEST_FILE := random-seed.test
-all: random-seed random-seed.service
+all: random-seed random-seed.service random-seed-save.service
random-seed: $(OBJ)
@@ -32,10 +32,10 @@ util.o: util.c util.h sha2.h
sha2.o: sha2.c sha2.h
-random-seed.service: random-seed.service.in
+random-seed.service random-seed-save.service: Makefile
sed -e 's|@sbindir[@]|$(sbindir)|g' \
-e 's|@default_seed_path_dir[@]|$(default_seed_path_dir)|g' \
- $< > $@
+ $@.in > $@
install: all
install -D -m755 random-seed $(DESTDIR)$(sbindir)/random-seed
diff --git a/random-seed-save.service b/random-seed-save.service.in
index a9858bc..e70192b 100644
--- a/random-seed-save.service
+++ b/random-seed-save.service.in
@@ -5,7 +5,7 @@ After=systemd-remount-fs.service
[Service]
ExecStart=@sbindir@/random-seed save
-CapabilityBoundingSet=CAP_SYS_ADMIN
+CapabilityBoundingSet=
NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes
diff --git a/random-seed.service b/random-seed.service
deleted file mode 100644
index 04b2ef5..0000000
--- a/random-seed.service
+++ /dev/null
@@ -1,28 +0,0 @@
-[Unit]
-Description=Random seed load/save
-Documentation=man:random-seed(8) man:random(4)
-DefaultDependencies=no
-RequiresMountsFor=/var/lib
-Conflicts=shutdown.target
-After=systemd-remount-fs.service
-Before=sysinit.target shutdown.target
-ConditionVirtualization=!container
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/local/sbin/random-seed load
-ExecStop=/usr/local/sbin/random-seed save
-CapabilityBoundingSet=CAP_SYS_ADMIN
-NoNewPrivileges=yes
-PrivateDevices=yes
-PrivateNetwork=yes
-ProtectKernelTunables=yes
-ProtectKernelModules=yes
-LockPersonality=yes
-TemporaryFileSystem=/:ro
-BindPaths=/var/lib
-TimeoutSec=30s
-
-[Install]
-WantedBy=sysinit.target
generated by cgit v1.2.3-70-g09d2 (git 2.47.0) at 2024-11-22 02:18:33 +0000