From: Vincent Bernat <vincent@bernat.ch>
Date: Fri, 30 Nov 2018 21:48:36 +0000 (+0100)
Subject: daemon: don't enable ProtectSystem by default
X-Git-Tag: 1.0.2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d39a304d0b68e68605908c04a6b23c6167344842;p=thirdparty%2Flldpd.git

daemon: don't enable ProtectSystem by default

If the chroot is in `/usr` (like `/usr/local/var/run/lldpd` which is
the default), neither systemd nor lldpd will be able to create and
write to it. This may be solved with `ReadWritePaths` (unsure if it
would create the directory), but this doesn't exist in older versions
of systemd.

Just comment the directive to let people know it exists and should
work in most cases.

Fix #308
---

diff --git a/src/daemon/lldpd.service.in b/src/daemon/lldpd.service.in
index 920a1311..ef13dad9 100644
--- a/src/daemon/lldpd.service.in
+++ b/src/daemon/lldpd.service.in
@@ -13,11 +13,10 @@ ExecStart=@sbindir@/lldpd $DAEMON_ARGS $LLDPD_OPTIONS
 Restart=on-failure
 PrivateTmp=yes
 ProtectHome=yes
-ProtectSystem=yes
-ProtectSystem=full
 ProtectKernelTunables=yes
 ProtectControlGroups=yes
 ProtectKernelModules=yes
+#ProtectSystem=full
 
 [Install]
 WantedBy=multi-user.target