25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00
Commit Graph

9 Commits

Author SHA1 Message Date
Holger Weiss
a5e737157c Increase file descriptor limit in systemd unit
16,000 file descriptors will only suffice for small setups.
2016-10-20 00:12:02 +02:00
Holger Weiss
0a3fcc9ade Don't specify "ExecReload" command in systemd unit
The "reload_config" command doesn't work the way admins would typically
expect, so it shouldn't be exposed via systemd.  Those who understand
the behavior can execute the command using ejabberdctl.
2016-10-19 23:37:26 +02:00
Holger Weiss
7621564839 Let systemd restart ejabberd on failure
The "RestartSec=5" setting has no effect if "Restart" is not also
specified.
2016-10-19 23:35:22 +02:00
Holger Weiss
686305bb21 Use "Type=forking" in systemd unit
ejabberd is not a "oneshot" process.
2016-10-19 23:32:07 +02:00
Holger Weiss
c3b62d2f75 Don't set "NoNewPrivileges" in systemd unit
The "NoNewPrivileges" setting breaks some PAM and extauth setups.

Fixes #1281.
2016-10-19 23:29:46 +02:00
Holger Weiss
f56840a682 Don't let systemd hide /home and /tmp
Admins might expect ejabberd to be able to access data below /home or
/tmp.  For example, they might use those locations to dump/restore
Mnesia backups, or as a document root for mod_http_fileserver or
mod_http_upload.

Fixes #1297.
2016-10-19 23:11:26 +02:00
Craig Andrews
2e28d06744 Harden the systemd unit
Restrict capabilities, have a private tmp directory, private /dev, and don't accessing file system locations that really shouldn't be accessed.
2016-06-28 17:02:41 -04:00
Christophe Romain
914578a85e Fix start via systemd (#978) 2016-03-24 11:06:42 +01:00
Christophe Romain
e0ffcbe45d Add script for systemd (Guthub #434) 2015-02-23 15:52:18 +01:00