summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorRicardo (XenGi) Band2020-01-15 20:47:50 +0100
committerRicardo (XenGi) Band2020-01-15 20:47:50 +0100
commit681a423569f34dc49c97bd1cbbf6c7bf31467883 (patch)
tree065ef341ba33e68bf0aca16de5b2e0440228c465
parent4480b09dd2a3eeea4c03728ee8e84a522c081e48 (diff)
downloadaur-681a423569f34dc49c97bd1cbbf6c7bf31467883.tar.gz
fixed service files
Diffstat
-rw-r--r--.SRCINFO2
-rw-r--r--PKGBUILD2
-rw-r--r--rqlite.service17
-rw-r--r--rqlite@.service16
4 files changed, 31 insertions, 6 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 41aacaad3e13..90fc7a38609a 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = rqlite
pkgdesc = rqlite is a lightweight, distributed relational database, which uses SQLite as its storage engine
pkgver = 5.1.0
- pkgrel = 1
+ pkgrel = 2
url = http://www.rqlite.com/
arch = x86_64
source = https://github.com/rqlite/rqlite/releases/download/v5.1.0/rqlite-v5.1.0-linux-amd64.tar.gz
diff --git a/PKGBUILD b/PKGBUILD
index f8c41d2cc457..d3c67a790b73 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
# Maintainer: Ricardo Band <email@ricardo.band>
pkgname=rqlite
pkgver=5.1.0
-pkgrel=1
+pkgrel=2
pkgdesc="rqlite is a lightweight, distributed relational database, which uses SQLite as its storage engine"
arch=(x86_64)
url="http://www.rqlite.com/"
diff --git a/rqlite.service b/rqlite.service
index e54833b78ac5..47a6047bdebd 100644
--- a/rqlite.service
+++ b/rqlite.service
@@ -7,9 +7,22 @@ Wants=network-online.target
Type=simple
User=rqlite
Group=rqlite
-ExecStart=/usr/bin/rqlited -node-id $(cat /etc/machine-id) -http-addr 0.0.0.0:4001 -raft-addr 0.0.0.0:4002 /run/rqlite
+ExecStart=/usr/bin/rqlited -http-addr 0.0.0.0:4001 -raft-addr 0.0.0.0:4002 $STATE_DIRECTORY
Restart=always
-WorkingDirectory=/run/rqlite
+# security
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=yes
+StateDirectory=rqlite
+StateDirectoryMode=0750
+ConfigurationDirectory=rqlite
+ConfigurationDirectoryMode=0750
+PrivateTmp=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+
[Install]
WantedBy=multi-user.target
diff --git a/rqlite@.service b/rqlite@.service
index b1f0ed4023ae..014b51ac7010 100644
--- a/rqlite@.service
+++ b/rqlite@.service
@@ -7,9 +7,21 @@ Wants=network-online.target
Type=simple
User=rqlite
Group=rqlite
-ExecStart=/usr/bin/rqlited -node-id $(cat /etc/machine-id) -http-addr 0.0.0.0:4001 -raft-addr 0.0.0.0:4002 -disco-id %i /run/rqlite
+ExecStart=/usr/bin/rqlited -http-addr 0.0.0.0:4001 -raft-addr 0.0.0.0:4002 -disco-id %i $STATE_DIRECTORY
Restart=always
-WorkingDirectory=/run/rqlite
+# security
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=yes
+StateDirectory=rqlite
+StateDirectoryMode=0750
+ConfigurationDirectory=rqlite
+ConfigurationDirectoryMode=0750
+PrivateTmp=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
[Install]
WantedBy=multi-user.target