From 4d590c83e1189f749aa1a4ac4f6497e9df65afdb Mon Sep 17 00:00:00 2001 From: "Alex Xu (Hello71)" Date: Fri, 10 Aug 2018 23:19:42 -0400 Subject: Fix service files --- .gitignore | 2 ++ Makefile.in | 6 +++--- random-seed-save.service | 16 ---------------- random-seed-save.service.in | 16 ++++++++++++++++ random-seed.service | 28 ---------------------------- 5 files changed, 21 insertions(+), 47 deletions(-) delete mode 100644 random-seed-save.service create mode 100644 random-seed-save.service.in delete mode 100644 random-seed.service diff --git a/.gitignore b/.gitignore index 069ca76..a52fd16 100644 --- a/.gitignore +++ b/.gitignore @@ -8,6 +8,8 @@ config.status configure /Makefile +/random-seed.service +/random-seed-save.service /random-seed /random-seed.test *.o diff --git a/Makefile.in b/Makefile.in index f52121e..ab22121 100644 --- a/Makefile.in +++ b/Makefile.in @@ -22,7 +22,7 @@ SRC := random-seed.c sha2.c util.c OBJ := $(SRC:.c=.o) TEST_FILE := random-seed.test -all: random-seed random-seed.service +all: random-seed random-seed.service random-seed-save.service random-seed: $(OBJ) @@ -32,10 +32,10 @@ util.o: util.c util.h sha2.h sha2.o: sha2.c sha2.h -random-seed.service: random-seed.service.in +random-seed.service random-seed-save.service: Makefile sed -e 's|@sbindir[@]|$(sbindir)|g' \ -e 's|@default_seed_path_dir[@]|$(default_seed_path_dir)|g' \ - $< > $@ + $@.in > $@ install: all install -D -m755 random-seed $(DESTDIR)$(sbindir)/random-seed diff --git a/random-seed-save.service b/random-seed-save.service deleted file mode 100644 index a9858bc..0000000 --- a/random-seed-save.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=Random seed save -RequiresMountsFor=@default_seed_path_dir@ -After=systemd-remount-fs.service - -[Service] -ExecStart=@sbindir@/random-seed save -CapabilityBoundingSet=CAP_SYS_ADMIN -NoNewPrivileges=yes -PrivateDevices=yes -PrivateNetwork=yes -ProtectKernelTunables=yes -ProtectKernelModules=yes -LockPersonality=yes -TemporaryFileSystem=/:ro -BindPaths=@default_seed_path_dir@ diff --git a/random-seed-save.service.in b/random-seed-save.service.in new file mode 100644 index 0000000..e70192b --- /dev/null +++ b/random-seed-save.service.in @@ -0,0 +1,16 @@ +[Unit] +Description=Random seed save +RequiresMountsFor=@default_seed_path_dir@ +After=systemd-remount-fs.service + +[Service] +ExecStart=@sbindir@/random-seed save +CapabilityBoundingSet= +NoNewPrivileges=yes +PrivateDevices=yes +PrivateNetwork=yes +ProtectKernelTunables=yes +ProtectKernelModules=yes +LockPersonality=yes +TemporaryFileSystem=/:ro +BindPaths=@default_seed_path_dir@ diff --git a/random-seed.service b/random-seed.service deleted file mode 100644 index 04b2ef5..0000000 --- a/random-seed.service +++ /dev/null @@ -1,28 +0,0 @@ -[Unit] -Description=Random seed load/save -Documentation=man:random-seed(8) man:random(4) -DefaultDependencies=no -RequiresMountsFor=/var/lib -Conflicts=shutdown.target -After=systemd-remount-fs.service -Before=sysinit.target shutdown.target -ConditionVirtualization=!container - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/local/sbin/random-seed load -ExecStop=/usr/local/sbin/random-seed save -CapabilityBoundingSet=CAP_SYS_ADMIN -NoNewPrivileges=yes -PrivateDevices=yes -PrivateNetwork=yes -ProtectKernelTunables=yes -ProtectKernelModules=yes -LockPersonality=yes -TemporaryFileSystem=/:ro -BindPaths=/var/lib -TimeoutSec=30s - -[Install] -WantedBy=sysinit.target -- cgit v1.2.3-54-g00ecf