--- /dev/null
+#include <tunables/global>
+
+/usr/bin/kresd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ # seems to be needed during start to read /var/lib/kresd
+ # while we still run as root.
+ capability dac_override,
+
+ network tcp,
+ network udp,
+
+ /proc/sys/net/core/somaxconn r,
+ /etc/kresd/* r,
+ /var/lib/kresd/ r,
+ /var/lib/kresd/** rwlk,
+
+ # modules
+ /usr/lib{,64}/kdns_modules/*.lua r,
+ /usr/lib{,64}/kdns_modules/*.so rm,
+
+ # for tinyweb
+ /usr/lib{,64}/kdns_modules/tinyweb/ r,
+ /usr/lib{,64}/kdns_modules/tinyweb/* r,
+ /var/lib/GeoIP/* r,
+}
+
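Review bot: `capability dac_override,` in the capability list lets the process bypass discretionary read, write and execute checks on every path the profile allows while it still runs as root, which is wider than the stated need of reading /var/lib/kresd at start-up. If only read and directory-search access is being denied, `capability dac_read_search,` is the narrower grant to try. Alternatively the package could set the ownership or mode of /var/lib/kresd so that root can read it with no DAC bypass at all. The existing comment says "seems to be needed", so it is worth confirming from the AppArmor audit log which access is actually refused before keeping the broader capability.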
--- /dev/null
+[Unit]
+Description=Knot DNS Resolver daemon
+After=syslog.target network.target auditd.service
+
+[Service]
+Type=simple
+EnvironmentFile=-/etc/sysconfig/kresd
+ExecStart=/usr/bin/kresd -c /etc/kresd/config -f $KRESD_WORKERS $KRESD_OPTIONS /var/lib/kresd/
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
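Review bot: The [Service] section starts kresd as root with no systemd-level restriction, so confinement depends entirely on the AppArmor profile from this change being loaded and in enforce mode on the host. A bounding set that mirrors the profile keeps the same ceiling in place where AppArmor is absent or in complain mode: `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE`. `ProtectHome=true` and `PrivateTmp=true` also look compatible with the paths the profile grants, though that is inferred from the profile and needs a test run on the target systemd version.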
--- /dev/null
+## Path: System/DNS
+## Description: Number of worker processes to spawn
+## Type: integer
+## Default: 1
+## ServiceRestart: kresd
+##
+#
+# Number of workers to spawn for kresd.
+# If you get start up failures with "already in use" your libuv is too
+# old and you have to stick to 1.
+#
+KRESD_WORKERS=1
+# Additional options
+KRESD_OPTIONS=
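Review bot: The comment above KRESD_WORKERS does not say that the value must stay set, yet the unit in this change passes it as the argument of `-f`. If it is blanked, or this optional file is missing, kresd would presumably read the next word on the command line as the worker count and fail to start. I would add `# Must be a positive integer; do not leave empty, it is passed to kresd as the value of -f.` above the assignment, and a default such as `Environment=KRESD_WORKERS=1` ahead of the EnvironmentFile line in the unit would cover the missing-file case. For KRESD_OPTIONS, a comment such as `# Extra kresd command-line options; the service starts as root, so keep this file writable by root only.` documents why the file's permissions matter.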