summarylogtreecommitdiffstats
path: root/0002-do-not-race-on-RuntimeDirectory.patch
diff options
context:
space:
mode:
Diffstat (limited to '0002-do-not-race-on-RuntimeDirectory.patch')
-rw-r--r--0002-do-not-race-on-RuntimeDirectory.patch50
1 files changed, 50 insertions, 0 deletions
diff --git a/0002-do-not-race-on-RuntimeDirectory.patch b/0002-do-not-race-on-RuntimeDirectory.patch
new file mode 100644
index 000000000000..7e4783e62dca
--- /dev/null
+++ b/0002-do-not-race-on-RuntimeDirectory.patch
@@ -0,0 +1,50 @@
+From 0f91d8cb9aa7102fedfb1ff524b945fde83817f8 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail@eworm.de>
+Date: Fri, 16 Dec 2016 16:53:47 +0100
+Subject: [PATCH 1/1] do not race on RuntimeDirectory
+
+Different unit instances create and destroy the same RuntimeDirectory.
+This leads to running instances where the status file (and possibly
+more runtime data) is no longer accessible.
+
+So create a RuntimeDirectory per instance.
+
+Signed-off-by: Christian Hesse <mail@eworm.de>
+---
+ distro/systemd/openvpn-client@.service | 2 +-
+ distro/systemd/openvpn-server@.service | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/distro/systemd/openvpn-client@.service b/distro/systemd/openvpn-client@.service
+index 5618af3..fcb5302 100644
+--- a/distro/systemd/openvpn-client@.service
++++ b/distro/systemd/openvpn-client@.service
+@@ -9,7 +9,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+ [Service]
+ Type=notify
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-client
++RuntimeDirectory=openvpn-client@%i
+ RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/client
+ ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
+diff --git a/distro/systemd/openvpn-server@.service b/distro/systemd/openvpn-server@.service
+index b9b4dba..8b240cf 100644
+--- a/distro/systemd/openvpn-server@.service
++++ b/distro/systemd/openvpn-server@.service
+@@ -9,10 +9,10 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+ [Service]
+ Type=notify
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-server
++RuntimeDirectory=openvpn-server@%i
+ RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/server
+-ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
++ExecStart=/usr/sbin/openvpn --status %t/openvpn-server@%i/status.log --status-version 2 --suppress-timestamps --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+ LimitNPROC=10
+ DeviceAllow=/dev/null rw
+--
+2.11.0
+