25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00
Commit Graph

12 Commits

Author SHA1 Message Date
Holger Weiss
ed792274e3 Omit "ProtectSystem" option from systemd unit
With "ProtectSystem", /usr is mounted read-only, so things will fail
when e.g. /usr/local is used as the installation prefix.  Whether such
options make sense depends on the environment, so they should rather be
set by package maintainers and/or admins.
2017-10-28 21:31:04 +02:00
Holger Weiss
519f3db6b6 Specify "ExecReload" command in systemd unit
Now that "ejabberdctl reload_config" works the way most admins would
expect, expose the command via systemd.
2017-02-23 18:16:56 +01:00
Holger Weiss
1bdbe54442 Let systemd stop ejabberd gracefully
Make sure the "ExecStop" command line blocks until ejabberd is actually
stopped.  This prevents systemd from killing the ejabberd process(es)
immediately.

Also, let the "ExecStart" command line block until ejabberd's startup is
completed.  This makes sure that services which depend on ejabberd
aren't started up too early.
2016-10-20 00:27:50 +02:00
Holger Weiss
a5e737157c Increase file descriptor limit in systemd unit
16,000 file descriptors will only suffice for small setups.
2016-10-20 00:12:02 +02:00
Holger Weiss
0a3fcc9ade Don't specify "ExecReload" command in systemd unit
The "reload_config" command doesn't work the way admins would typically
expect, so it shouldn't be exposed via systemd.  Those who understand
the behavior can execute the command using ejabberdctl.
2016-10-19 23:37:26 +02:00
Holger Weiss
7621564839 Let systemd restart ejabberd on failure
The "RestartSec=5" setting has no effect if "Restart" is not also
specified.
2016-10-19 23:35:22 +02:00
Holger Weiss
686305bb21 Use "Type=forking" in systemd unit
ejabberd is not a "oneshot" process.
2016-10-19 23:32:07 +02:00
Holger Weiss
c3b62d2f75 Don't set "NoNewPrivileges" in systemd unit
The "NoNewPrivileges" setting breaks some PAM and extauth setups.

Fixes #1281.
2016-10-19 23:29:46 +02:00
Holger Weiss
f56840a682 Don't let systemd hide /home and /tmp
Admins might expect ejabberd to be able to access data below /home or
/tmp.  For example, they might use those locations to dump/restore
Mnesia backups, or as a document root for mod_http_fileserver or
mod_http_upload.

Fixes #1297.
2016-10-19 23:11:26 +02:00
Craig Andrews
2e28d06744 Harden the systemd unit
Restrict capabilities, have a private tmp directory, private /dev, and don't accessing file system locations that really shouldn't be accessed.
2016-06-28 17:02:41 -04:00
Christophe Romain
914578a85e Fix start via systemd (#978) 2016-03-24 11:06:42 +01:00
Christophe Romain
e0ffcbe45d Add script for systemd (Guthub #434) 2015-02-23 15:52:18 +01:00