From: Lennart Poettering Date: Wed, 18 Apr 2018 16:50:06 +0000 (+0200) Subject: man: don't place nginx socket in /tmp (#8757) X-Git-Tag: v239~390 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=edd1dcd091bf7df555f099d68033a4405b804070;p=thirdparty%2Fsystemd.git man: don't place nginx socket in /tmp (#8757) First of all, it's frickin' ugly and wrong, as IPC sockets should be placed in /run and definitely not under a guessable name under world-writable /tmp. Secondly, it can't even work as we set PrivateTmp=yes on the service. Hence, let's clean up the example, and simply use a socket in /run instead. Fixes: #8419 --- diff --git a/man/systemd-socket-proxyd.xml b/man/systemd-socket-proxyd.xml index ced509daabc..68baccae30b 100644 --- a/man/systemd-socket-proxyd.xml +++ b/man/systemd-socket-proxyd.xml @@ -111,7 +111,7 @@ Requires=proxy-to-nginx.socket After=proxy-to-nginx.socket [Service] -ExecStart=/usr/lib/systemd/systemd-socket-proxyd /tmp/nginx.sock +ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket PrivateTmp=yes PrivateNetwork=yes]]> @@ -120,7 +120,7 @@ PrivateNetwork=yes]]>