Chapril
/
xmpp.chapril.org-ejabberd
mirror of https://github.com/processone/ejabberd.git
24
1
Fork 0
Code Releases Activity
4,977 Commits 7 Branches 106 Tags 78 MiB
Commit Graph

9 Commits

Author SHA1 Message Date
Holger Weiss a5e737157c Increase file descriptor limit in systemd unit 
16,000 file descriptors will only suffice for small setups.
 2016-10-20 00:12:02 +02:00
Holger Weiss 0a3fcc9ade Don't specify "ExecReload" command in systemd unit 
The "reload_config" command doesn't work the way admins would typically
expect, so it shouldn't be exposed via systemd.  Those who understand
the behavior can execute the command using ejabberdctl.
 2016-10-19 23:37:26 +02:00
Holger Weiss 7621564839 Let systemd restart ejabberd on failure 
The "RestartSec=5" setting has no effect if "Restart" is not also
specified.
 2016-10-19 23:35:22 +02:00
Holger Weiss 686305bb21 Use "Type=forking" in systemd unit 
ejabberd is not a "oneshot" process.
 2016-10-19 23:32:07 +02:00
Holger Weiss c3b62d2f75 Don't set "NoNewPrivileges" in systemd unit 
The "NoNewPrivileges" setting breaks some PAM and extauth setups.

Fixes #1281.
 2016-10-19 23:29:46 +02:00
Holger Weiss f56840a682 Don't let systemd hide /home and /tmp 
Admins might expect ejabberd to be able to access data below /home or
/tmp.  For example, they might use those locations to dump/restore
Mnesia backups, or as a document root for mod_http_fileserver or
mod_http_upload.

Fixes #1297.
 2016-10-19 23:11:26 +02:00
Craig Andrews 2e28d06744 Harden the systemd unit 
Restrict capabilities, have a private tmp directory, private /dev, and don't accessing file system locations that really shouldn't be accessed.
 2016-06-28 17:02:41 -04:00
Christophe Romain 914578a85e Fix start via systemd (#978) 2016-03-24 11:06:42 +01:00
Christophe Romain e0ffcbe45d Add script for systemd (Guthub #434) 2015-02-23 15:52:18 +01:00