commit:     91cdae70f2fa6322ff9b38336b24312bdd3c3810
Author:     Pierre-Olivier Mercier <nemunaire <AT> nemunai <DOT> re>
AuthorDate: Wed Aug 16 11:37:28 2017 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Tue Aug 22 09:07:01 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91cdae70

net-dns/knot: enhance systemd service security

Suggested-by: hexumg <hexumg <AT> gmail.com>
Bug: https://bugs.gentoo.org/606644

 net-dns/knot/files/knot-1.service | 17 +++++++++++++++++
 net-dns/knot/knot-2.5.3-r1.ebuild |  6 ++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/net-dns/knot/files/knot-1.service 
b/net-dns/knot/files/knot-1.service
new file mode 100644
index 00000000000..14a34a2b211
--- /dev/null
+++ b/net-dns/knot/files/knot-1.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Knot high-performance DNS Server
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/knotd
+ExecReload=/usr/sbin/knotc reload
+ExecStop=/usr/sbin/knotc stop
+PrivateTmp=true
+User=knot
+Group=knot
+RuntimeDirectory=knot
+RuntimeDirectoryMode=750
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
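Review bot: The [Service] section grants CAP_NET_BIND_SERVICE through AmbientCapabilities but leaves the capability bounding set at its default and does not set NoNewPrivileges, so a setuid or file-capability binary executed from the knot account could still acquire privileges beyond the one capability the daemon needs. Adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` after the AmbientCapabilities line would close that gap. Filesystem sandboxing such as `ProtectSystem=full` and `ProtectHome=true` looks applicable too, but it has to be checked against the paths knotd writes to, which this diff does not show.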

diff --git a/net-dns/knot/knot-2.5.3-r1.ebuild 
b/net-dns/knot/knot-2.5.3-r1.ebuild
index d9263f9e849..5d116b1a44c 100644
--- a/net-dns/knot/knot-2.5.3-r1.ebuild
+++ b/net-dns/knot/knot-2.5.3-r1.ebuild
@@ -26,7 +26,7 @@ RDEPEND="
        )
        idn? ( || ( net-dns/libidn >=net-dns/libidn2-2.0.0 ) )
        dev-libs/libedit
-       systemd? ( sys-apps/systemd )
+       systemd? ( >=sys-apps/systemd-229 )
 "
 DEPEND="${RDEPEND}
        virtual/pkgconfig
@@ -66,7 +66,9 @@ src_install() {
        keepdir /var/lib/${PN}
 
        newinitd "${FILESDIR}/knot.init" knot
-       systemd_dounit "${FILESDIR}/knot.service"
+       if use systemd; then
+               systemd_newunit "${FILESDIR}/knot-1.service" knot
+       fi
 
        find "${D}" -name '*.la' -delete || die
 }
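Review bot: The install change is made in place in knot-2.5.3-r1.ebuild (the diff header shows the same path on both sides), so systems that already merged -r1 are not prompted to rebuild and keep running the previous knot.service without the User=/Group= and capability restrictions. Because the installed files change, this probably warrants a revision bump, for example carrying the change as `knot-2.5.3-r2.ebuild`. The new `if use systemd` gate also means installs without that flag get no unit at all; a comment above it such as `# knot-1.service uses AmbientCapabilities=, which needs systemd >= 229` would record why the unit is conditional. src_install() begins outside this hunk.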
