diff options
author | Sami Kerola <kerolasa@iki.fi> | 2018-10-07 12:09:42 +0100 |
---|---|---|
committer | Sami Kerola <kerolasa@iki.fi> | 2018-10-15 19:03:09 +0100 |
commit | d3e4b5f3be209ffac43afb1037a1c836df932448 (patch) | |
tree | 5ad23ba5baed95f99995a48c3aa162cef2d00a26 | |
parent | 499dcf82e0f1758f4f20282f6edd7ed66a460f41 (diff) | |
download | iputils-d3e4b5f3be209ffac43afb1037a1c836df932448.tar.gz |
ninfod: add systemd service unit file
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
-rw-r--r-- | ninfod/meson.build | 22 | ||||
-rw-r--r-- | systemd/ninfod.service.in | 26 |
2 files changed, 43 insertions, 5 deletions
diff --git a/ninfod/meson.build b/ninfod/meson.build index fc5ede4..4e3cfd9 100644 --- a/ninfod/meson.build +++ b/ninfod/meson.build @@ -16,8 +16,20 @@ executable('ninfod', [ninfod_sources, git_version_h], install_dir: 'sbin') conf_data = configuration_data() conf_data.set('prefix', get_option('prefix')) -configure_file(input : 'ninfod.sh.in', - output : 'ninfod.sh', - configuration : conf_data, - install : true, - install_dir : join_paths(get_option('sysconfdir'), 'init.d')) + +if systemd.found() + subs = configuration_data() + subs.set('sbindir', join_paths(get_option('prefix'), get_option('sbindir'))) + unit_file = configure_file( + input: '../systemd/ninfod.service.in', + output: 'ninfod.service', + configuration: subs + ) + install_data(unit_file, install_dir: systemdunitdir) +else + configure_file(input : 'ninfod.sh.in', + output : 'ninfod.sh', + configuration : conf_data, + install : true, + install_dir : join_paths(get_option('sysconfdir'), 'init.d')) +endif diff --git a/systemd/ninfod.service.in b/systemd/ninfod.service.in new file mode 100644 index 0000000..5ab69ca --- /dev/null +++ b/systemd/ninfod.service.in @@ -0,0 +1,26 @@ +[Unit] +Description=Respond to IPv6 Node Information Queries +Documentation=ninfod(8) +Requires=network.target +After=network.target + +[Service] +ExecStart=@sbindir@/ninfod -d + +AmbientCapabilities=CAP_NET_RAW +DynamicUser=yes +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=strict +ProtectHome=yes +ProtectControlGroups=yes +ProtectKernelTunables=yes +ProtectKernelModules=yes +MemoryDenyWriteExecute=yes +RestrictRealtime=yes +RestrictNamespaces=yes +SystemCallArchitectures=native +LockPersonality=yes + +[Install] +WantedBy=multi-user.target |