systemd: Do not race on RuntimeDirectory
authorChristian Hesse <mail@eworm.de>
Tue, 24 Jan 2017 14:39:47 +0000 (15:39 +0100)
committerDavid Sommerseth <davids@openvpn.net>
Wed, 25 Jan 2017 18:40:16 +0000 (19:40 +0100)
Different unit instances create and destroy the same RuntimeDirectory.
This leads to running instances where the status file (and possibly
more runtime data) is no longer accessible.

So do not handle this in unit files but provide a tmpfiles.d
configuration and let systemd-tmpfiles do the work.
Nobody will (unintentionally) delete the directories and their content.
As /run is volatile we do not have to care about cleanup.

Signed-off-by: Christian Hesse <mail@eworm.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20170124143947.27385-2-list@eworm.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13939.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
configure.ac
distro/systemd/Makefile.am
distro/systemd/openvpn-client@.service.in
distro/systemd/openvpn-server@.service.in
distro/systemd/tmpfiles-openvpn.conf [new file with mode: 0644]

index 48d8f0cdb31c71e36f636b1064495fdc7539f38d..79fb1ba2499c79a72e1671c7d0807169bff7a4f8 100644 (file)
@@ -379,6 +379,7 @@ AC_ARG_VAR([MAN2HTML], [path to man2html utility])
 AC_ARG_VAR([GIT], [path to git utility])
 AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
 AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@])
+AC_ARG_VAR([TMPFILES_DIR], [Path of tmpfiles directory @<:@default=LIBDIR/tmpfiles.d@:>@])
 AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
 AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
 AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
@@ -1106,6 +1107,12 @@ if test "$enable_systemd" = "yes" ; then
     else
         systemdunitdir="\${libdir}/systemd/system"
     fi
+
+    if test -n "${TMPFILES_DIR}"; then
+        tmpfilesdir="${TMPFILES_DIR}"
+    else
+        tmpfilesdir="\${libdir}/tmpfiles.d"
+    fi
 fi
 
 
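Review bot: The default `tmpfilesdir="\${libdir}/tmpfiles.d"` follows libdir, but systemd-tmpfiles only reads a fixed set of directories (see tmpfiles.d(5)), so on a build where libdir expands to something like /usr/lib64 the file may be installed where it is never processed. In that case /run/openvpn-server would not be created, and the server unit's `--status %t/openvpn-server/...` path would presumably fail now that the unit no longer creates the directory itself. Consider defaulting to `tmpfilesdir="\${prefix}/lib/tmpfiles.d"` and adjusting the `@<:@default=...@:>@` help text on the `AC_ARG_VAR([TMPFILES_DIR], ...)` line in the first hunk to match. The enclosing `if test "$enable_systemd" = "yes"` block starts outside this hunk.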
@@ -1283,6 +1290,7 @@ AC_SUBST([plugindir])
 AC_SUBST([sampledir])
 
 AC_SUBST([systemdunitdir])
+AC_SUBST([tmpfilesdir])
 
 VENDOR_SRC_ROOT="\$(abs_top_srcdir)/vendor/"
 VENDOR_DIST_ROOT="\$(abs_top_builddir)/vendor/dist"
index b10c6edac3a4ccb0226b1d763d7f682bc868d8e7..1e3f3eaad8e7dbfaf023e4940f1dd893d5e5fe7e 100644 (file)
@@ -13,6 +13,7 @@
                $< > $@.tmp && mv $@.tmp $@
 
 EXTRA_DIST = \
+       tmpfiles-openvpn.conf \
        openvpn-client@.service.in \
        openvpn-server@.service.in
 
@@ -20,6 +21,11 @@ if ENABLE_SYSTEMD
 systemdunit_DATA = \
        openvpn-client@.service \
        openvpn-server@.service
+tmpfiles_DATA = \
+       tmpfiles-openvpn.conf
+
+install-data-hook:
+       mv $(DESTDIR)$(tmpfilesdir)/tmpfiles-openvpn.conf $(DESTDIR)$(tmpfilesdir)/openvpn.conf
 endif
 
 MAINTAINERCLEANFILES = \
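Review bot: The `install-data-hook` renames the installed file to `openvpn.conf`, but nothing in this hunk undoes the rename on uninstall. The uninstall rule automake generates for `tmpfiles_DATA` targets `tmpfiles-openvpn.conf`, so `openvpn.conf` would be left behind in `$(tmpfilesdir)` and would still be applied by systemd-tmpfiles. Adding `uninstall-hook:` with the recipe `rm -f "$(DESTDIR)$(tmpfilesdir)/openvpn.conf"` inside the same `if ENABLE_SYSTEMD` block would cover it. The two paths passed to `mv` are also unquoted, so a `DESTDIR` containing spaces would break the rename; quoting both arguments avoids that.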
index d9337729a7bc6ec7bc672ee78628faba180694cb..1be1e33225f3b872a6c39b230fda27be1b202ec1 100644 (file)
@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
 [Service]
 Type=notify
 PrivateTmp=true
-RuntimeDirectory=openvpn-client
-RuntimeDirectoryMode=0710
 WorkingDirectory=/etc/openvpn/client
 ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf
 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
index da5c78e1a1fe21fc86da78ba861313f5c77f7455..3dccaf253985b3c314ab5998c0da670f5257da29 100644 (file)
@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
 [Service]
 Type=notify
 PrivateTmp=true
-RuntimeDirectory=openvpn-server
-RuntimeDirectoryMode=0710
 WorkingDirectory=/etc/openvpn/server
 ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
diff --git a/distro/systemd/tmpfiles-openvpn.conf b/distro/systemd/tmpfiles-openvpn.conf
new file mode 100644 (file)
index 0000000..bb79671
--- /dev/null
@@ -0,0 +1,2 @@
+d /run/openvpn-client 0710 root root -
+d /run/openvpn-server 0710 root root -
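Review bot: The new tmpfiles.d file carries no comment saying which units rely on these directories or why they are `0710 root root`, so a later editor has nothing to tell them the mode is deliberate. A header line such as `# Runtime directories for openvpn-client@.service and openvpn-server@.service; created here rather than via RuntimeDirectory= so instances do not remove each other's directory` would record that. Since the units no longer create the directory, it only exists after systemd-tmpfiles has processed this file (at boot, or when a packaging step runs `systemd-tmpfiles --create`). That requirement is worth stating in the same comment or in the packaging notes.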