diff options
author | Sami Kerola <kerolasa@iki.fi> | 2018-10-07 10:48:54 +0100 |
---|---|---|
committer | Sami Kerola <kerolasa@iki.fi> | 2018-10-15 19:03:09 +0100 |
commit | 499dcf82e0f1758f4f20282f6edd7ed66a460f41 (patch) | |
tree | 3213fea30ff23f16efcc56905ae4cf5c9f3c7294 | |
parent | 471a2845c6e1118e82b1235a5aa13b39ae4cc517 (diff) | |
download | iputils-499dcf82e0f1758f4f20282f6edd7ed66a460f41.tar.gz |
rarpd: integrate systemd service file with build-system
In same go make service unit file to indicate which interface rarpd ought to
listen. The rarpd should not to go background, that helps systemd to know
what is going on with the process. And while one it lets harden rarpd unit
file to drop all unnecessary system access.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
-rw-r--r-- | meson.build | 17 | ||||
-rw-r--r-- | meson_options.txt | 3 | ||||
-rw-r--r-- | rarpd.service | 14 | ||||
-rw-r--r-- | systemd/rarpd.service.in | 27 |
4 files changed, 47 insertions, 14 deletions
diff --git a/meson.build b/meson.build index 7dcf65d..2943fb9 100644 --- a/meson.build +++ b/meson.build @@ -90,6 +90,12 @@ elif opt == 'none' conf.set('PING6_NONCE_MEMORY', 1, description : 'If set RFC6744 random does not use any CRYPTO lib.') endif +systemd = dependency('systemd', required : false) +systemdunitdir = get_option('systemdunitdir') +if systemdunitdir == '' and systemd.found() + systemdunitdir = systemd.get_pkgconfig_variable('systemdsystemunitdir') +endif + build_arping = get_option('BUILD_ARPING') build_clockdiff = get_option('BUILD_CLOCKDIFF') build_ping = get_option('BUILD_PING') @@ -218,7 +224,18 @@ endif if build_rarpd == true executable('rarpd', ['rarpd.c', git_version_h], + install_dir: 'sbin', install: true) + if systemd.found() + subs = configuration_data() + subs.set('sbindir', join_paths(get_option('prefix'), get_option('sbindir'))) + unit_file = configure_file( + input: 'systemd/rarpd.service.in', + output: 'rarpd@.service', + configuration: subs + ) + install_data(unit_file, install_dir: systemdunitdir) + endif endif if build_ninfod == true diff --git a/meson_options.txt b/meson_options.txt index 7860cdb..c825156 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -48,3 +48,6 @@ option('ARPING_DEFAULT_DEVICE', type : 'string', value : '', option('USE_SYSFS', type : 'boolean', value : true, description : 'Use /sys file system (arping)') + +option('systemdunitdir', type: 'string', value: '', + description: 'Directory for systemd units') diff --git a/rarpd.service b/rarpd.service deleted file mode 100644 index 137710e..0000000 --- a/rarpd.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Reverse Address Resolution Protocol Requests Server -Requires=network.target -After=syslog.target network.target - -[Service] -Type=forking -EnvironmentFile=-/etc/sysconfig/rarpd -ExecStart=/usr/sbin/rarpd $OPTIONS $INTERFACE -StandardError=syslog - -[Install] -WantedBy=multi-user.target - diff --git a/systemd/rarpd.service.in b/systemd/rarpd.service.in new file mode 100644 index 0000000..d161785 --- /dev/null +++ b/systemd/rarpd.service.in @@ -0,0 +1,27 @@ +[Unit] +Description=Reverse Address Resolution Protocol Requests Server (%I) +Documentation=man:rarpd(8) +Requires=network.target +After=network.target + +[Service] +EnvironmentFile=-/etc/sysconfig/rarpd +ExecStart=@sbindir@/rarpd -d $OPTIONS %i + +PrivateTmp=yes +PrivateDevices=yes +PrivateUsers=yes +ProtectSystem=strict +ProtectHome=yes +ProtectControlGroups=yes +ProtectKernelTunables=yes +ProtectKernelModules=yes +MemoryDenyWriteExecute=yes +RestrictRealtime=yes +RestrictNamespaces=yes +SystemCallArchitectures=native +LockPersonality=yes +NoNewPrivileges=yes + +[Install] +WantedBy=multi-user.target |