ProtectSystem=true mounts the /usr and /boot directories read-only.
ProtectHome=true makes the directories /home, /root and /run/user
inaccessible and empty for the process.
See systemd.exec(5) [0] for details.
v2: Replace ProtectSystem=strict with ProtectSystem=true. Some
configurations may want to write to /etc or the like.
[0] https://www.freedesktop.org/software/systemd/man/systemd.exec.html
Signed-off-by: Christian Hesse <mail@eworm.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20161227221832.610-1-list@eworm.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13743.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
Different unit instances create and destroy the same RuntimeDirectory.
This leads to running instances where the status file (and possibly
more runtime data) is no longer accessible.
So do not handle this in unit files but provide a tmpfiles.d
configuration and let systemd-tmpfiles do the work.
Nobody will (unintentionally) delete the directories and its content.
As /run is volatile we do not have to care about cleanup.
Signed-off-by: Christian Hesse <mail@eworm.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20170124143947.27385-2-list@eworm.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13939.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
If systemd is enabled we install unit files to $libdir/systemd/system
(or the path specified by SYSTEMD_UNIT_DIR).
The unit files are generated on the fly with matching $sbindir.
Signed-off-by: Christian Hesse <mail@eworm.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20170124143947.27385-1-list@eworm.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13940.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2017-01-25 19:39:42 +01:00
Renamed from distro/systemd/openvpn-server@.service (Browse further)
