diff options
author | Andreas Linz | 2016-09-29 18:20:04 +0200 |
---|---|---|
committer | Andreas Linz | 2016-09-29 18:29:01 +0200 |
commit | 2a9ae6241311084d3591771fd128440a234ead26 (patch) | |
tree | c13bd87d849e8009c59492a272d89bea1c88c78a /caddy-systemd-service.patch | |
parent | 9f46a03481009ea945b6e07c7a0cb42668f061e4 (diff) | |
download | aur-2a9ae6241311084d3591771fd128440a234ead26.tar.gz |
Patch executable path
Diffstat (limited to 'caddy-systemd-service.patch')
-rw-r--r-- | caddy-systemd-service.patch | 47 |
1 files changed, 33 insertions, 14 deletions
diff --git a/caddy-systemd-service.patch b/caddy-systemd-service.patch index 3f85f13f9988..8ed422217346 100644 --- a/caddy-systemd-service.patch +++ b/caddy-systemd-service.patch @@ -1,14 +1,33 @@ -11,12c11,12 -< User=www-data -< Group=www-data ---- -> User=http -> Group=http -41,43c41,43 -< ;CapabilityBoundingSet=CAP_NET_BIND_SERVICE -< ;AmbientCapabilities=CAP_NET_BIND_SERVICE -< ;NoNewPrivileges=true ---- -> CapabilityBoundingSet=CAP_NET_BIND_SERVICE -> AmbientCapabilities=CAP_NET_BIND_SERVICE -> NoNewPrivileges=true +--- caddy_old.service 2016-09-29 18:04:15.356244279 +0200 ++++ caddy_new.service 2016-09-29 18:04:15.356244279 +0200 +@@ -8,14 +8,14 @@ + Restart=on-failure + + ; User and group the process will run as. +-User=www-data +-Group=www-data ++User=http ++Group=http + + ; Letsencrypt-issued certificates will be written to this directory. + Environment=HOME=/etc/ssl/caddy + + ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile. +-ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp ++ExecStart=/usr/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp + ExecReload=/bin/kill -USR1 $MAINPID + + ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings. +@@ -38,9 +38,9 @@ + ; The following additional security directives only work with systemd v229 or later. + ; They further retrict privileges that can be gained by caddy. Uncomment if you like. + ; Note that you may have to add capabilities required by any plugins in use. +-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE +-;AmbientCapabilities=CAP_NET_BIND_SERVICE +-;NoNewPrivileges=true ++CapabilityBoundingSet=CAP_NET_BIND_SERVICE ++AmbientCapabilities=CAP_NET_BIND_SERVICE ++NoNewPrivileges=true + + [Install] + WantedBy=multi-user.target |