David Sommerseth <[email protected]> on Mon, 2016/12/26 17:45:
> On 26/12/16 17:12, Christian Hesse wrote:
> > debbie10t <[email protected]> on Sat, 2016/12/24 11:10:
> >> On 16/12/16 22:00, Christian Hesse wrote:
> >>> From: Christian Hesse <[email protected]>
> >>>
> >>> Different unit instances create and destroy the same RuntimeDirectory.
> >>> This leads to running instances where the status file (and possibly
> >>> more runtime data) is no longer accessible.
> >>>
> >>> So do not handle this in unit files but provide a tmpfiles.d
> >>> configuration and let systemd-tmpfiles do the work.
> >>> Nobody will (unintentionally) delete the directories and its content.
> >>> As /run is volatile we do not have to care about cleanup.
> >>>
> >>> Signed-off-by: Christian Hesse <[email protected]>
> >>> --- > >>> distro/systemd/[email protected] | 2 -- > >>> distro/systemd/[email protected] | 2 -- > >>> distro/systemd/openvpn.conf | 2 ++ > >>> 3 files changed, 2 insertions(+), 4 deletions(-) > >>> create mode 100644 distro/systemd/openvpn.conf > >>> > >>> diff --git a/distro/systemd/[email protected] > >>> b/distro/systemd/[email protected] index 5618af3..1187ee8 100644 > >>> --- a/distro/systemd/[email protected] > >>> +++ b/distro/systemd/[email protected] > >>> @@ -9,8 +9,6 @@ > >>> Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] > >>> Type=notify > >>> PrivateTmp=true > >>> -RuntimeDirectory=openvpn-client > >>> -RuntimeDirectoryMode=0710 > >>> WorkingDirectory=/etc/openvpn/client > >>> ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config > >>> %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW > >>> CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE diff --git > >>> a/distro/systemd/[email protected] > >>> b/distro/systemd/[email protected] index b9b4dba..25a6bb7 100644 > >>> --- a/distro/systemd/[email protected] +++ > >>> b/distro/systemd/[email protected] 
@@ -9,8 +9,6 @@ > >>> Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] > >>> Type=notify > >>> PrivateTmp=true > >>> -RuntimeDirectory=openvpn-server > >>> -RuntimeDirectoryMode=0710 > >>> WorkingDirectory=/etc/openvpn/server > >>> ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log > >>> --status-version 2 --suppress-timestamps --config %i.conf > >>> CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE > >>> CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE diff > >>> --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf new > >>> file mode 100644 index 0000000..bb79671 --- /dev/null > >>> +++ b/distro/systemd/openvpn.conf > >>> @@ -0,0 +1,2 @@ > >>> +d /run/openvpn-client 0710 root root - > >>> +d /run/openvpn-server 0710 root root -
> >>>
> >>
> >> ACK
> >>
> >> This works as expected from debian8/systemd 215 to arch/systemd 232
> >
> > Great! Thanks for testing!
> >
> > But I think this will not make its way into 2.4.0? Will we see this in
> > release/2.4 for a bugfix release?
>
> That is correct. What is in release/2.4 currently is what will be the
> v2.4.0 release unless something of a real blocker appears before I'll
> tag and push out the release commit some time tomorrow. I don't dare to
> add anything which is not absolutely strictly needed for the coming
> release. I'm just waiting for the final Windows test results from
> Samuli before pushing out the final release. Then Samuli will publish
> all source tarballs, Windows installers and do the announcement.
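Review bot: in the client unit hunk, once RuntimeDirectory=openvpn-client and RuntimeDirectoryMode=0710 are removed, nothing in the unit says that /run/openvpn-client is expected to exist or who creates it, and the ExecStart line shown in the context does not reference that directory at all. Please state in the commit message what on the client side relies on /run/openvpn-client, and consider a comment in the [Service] section pointing at the tmpfiles.d entry so that someone reading only the unit file can find where the directory and its 0710 mode come from.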
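Review bot: in the server unit hunk, ExecStart still passes "--status %t/openvpn-server/status-%i.log", but after this change the unit no longer creates that directory itself, so the status path depends on the tmpfiles.d entry having been applied before the first instance starts. tmpfiles.d entries are processed at boot or when systemd-tmpfiles --create is run, so on a system that installs or upgrades the package without rebooting the directory can be missing; the patch should document that packagers need to run systemd-tmpfiles --create on the new file in their post-install step. It is also worth noting in the commit message that status-%i.log files of stopped instances now stay in /run/openvpn-server until reboot, so consumers of the status file should not treat its presence as proof that the instance is running.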
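Review bot: the new distro/systemd/openvpn.conf has no comment header and, going by the diffstat (three files, all under distro/systemd/), no install rule, so nothing yet puts it into a tmpfiles.d directory. Please add a leading comment saying the file is a tmpfiles.d snippet for the [email protected] units, and add the install step, since both units now depend on it. The two "d ... 0710 root root -" lines carry over the mode from the removed RuntimeDirectoryMode=0710, which is good; a one-line comment noting that the "-" age field means no age-based cleanup would make the intent explicit.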
Waiting for that to happen. :-p
> It's good that this is tested, but I'd like to have a more thorough
> review of this patch as well, in addition to looking at the automake rules
> so that we can install unit files and the tmpfiles.d config to the
> proper place as well during 'make install'. This will simplify the job
> of the packagers as well.
Ok, let's discuss this on irc any time soon. I will have some last working
days this year - and hopefully some spare time.
> One thing I'm pondering on though, is how clever it is to call the
> tmpfiles.d config file 'openvpn.conf' ... but that's something I can fix
> at commit time.
Well, files in /usr/lib/tmpfiles.d/ need to end in '.conf' and it makes sense
to name them like their package - so 'openvpn.conf'.
We can have a different file name in repository / tarball, but the build
system should install it there.
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Best regards my address: */=0;b=c[a++];)
putchar(b-1/(/* Chris cc -ox -xc - && ./x */b/42*2-3)*42);}
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
