From 7660bba111f739f9cc7017c392c1434f201b8c44 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 1 Dec 2016 22:31:04 +0100 Subject: [PATCH] Refuse to daemonize when running from systemd We start with systemd Type=notify, so refuse to daemonize. This does not affect starting openvpn from script or command line. v2: Update commit message about script and command line. Signed-off-by: Christian Hesse Tested-By: Richard Bonhomme Acked-by: David Sommerseth Message-Id: <20161201213104.5667-2-list@eworm.de> URL: http://www.mail-archive.com/search?l=mid&q=20161201213104.5667-2-list@eworm.de Signed-off-by: David Sommerseth --- distro/systemd/openvpn-client@.service | 1 - distro/systemd/openvpn-server@.service | 1 - src/openvpn/init.c | 7 +++++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/distro/systemd/openvpn-client@.service b/distro/systemd/openvpn-client@.service index f64a23965..5618af3a3 100644 --- a/distro/systemd/openvpn-client@.service +++ b/distro/systemd/openvpn-client@.service @@ -12,7 +12,6 @@ PrivateTmp=true RuntimeDirectory=openvpn-client RuntimeDirectoryMode=0710 WorkingDirectory=/etc/openvpn/client -ExecStartPre=/bin/sh -c 'grep -q -E ^daemon %i.conf || exit 0 && /usr/bin/echo "OpenVPN configuration cannot contain --daemon when being managed by systemd" ; exit 1' ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE LimitNPROC=10 diff --git a/distro/systemd/openvpn-server@.service b/distro/systemd/openvpn-server@.service index 890e6a9ff..b9b4dba18 100644 --- a/distro/systemd/openvpn-server@.service +++ b/distro/systemd/openvpn-server@.service @@ -12,7 +12,6 @@ PrivateTmp=true RuntimeDirectory=openvpn-server RuntimeDirectoryMode=0710 WorkingDirectory=/etc/openvpn/server -ExecStartPre=/bin/sh -c 'grep -q -E ^daemon %i.conf || exit 0 && /usr/bin/echo "OpenVPN configuration cannot contain --daemon when being managed by systemd" ; exit 1' ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE LimitNPROC=10 diff --git a/src/openvpn/init.c b/src/openvpn/init.c index f99c934bf..74f113956 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -930,6 +930,13 @@ bool possibly_become_daemon (const struct options *options) { bool ret = false; + +#ifdef ENABLE_SYSTEMD + /* return without forking if we are running from systemd */ + if (sd_notify(0, "READY=0") > 0) + return ret; +#endif + if (options->daemon) { ASSERT (!options->inetd); -- 2.47.2