From: Vincent Bernat <vincent@bernat.im>
Date: Thu, 13 Jul 2017 06:47:57 +0000 (+0200)
Subject: daemon: systemd unit cannot use ProtectSystem=strict
X-Git-Tag: 0.9.8~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=caecd83c46bc0fce79e8e550e3c28d33ce32a2c6;p=thirdparty%2Flldpd.git

daemon: systemd unit cannot use ProtectSystem=strict

lldpd needs to create its socket in `/run`. It's put outside the chroot
on purpose but it's not on a directory on its own.
---

diff --git a/src/daemon/lldpd.service.in b/src/daemon/lldpd.service.in
index 4f4ff0ee..c95afa7d 100644
--- a/src/daemon/lldpd.service.in
+++ b/src/daemon/lldpd.service.in
@@ -18,10 +18,8 @@ PrivateTmp=yes
 # systemd >= 214
 #ProtectHome=yes
 #ProtectSystem=yes
-# systemd >= 231
-#ReadWritePaths=@PRIVSEP_CHROOT@
 # systemd >= 232
-#ProtectSystem=strict
+#ProtectSystem=full
 #ProtectKernelTunables=yes
 #ProtectControlGroups=yes
 #ProtectKernelModules=yes