From 0f91d8cb9aa7102fedfb1ff524b945fde83817f8 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Fri, 16 Dec 2016 16:53:47 +0100
Subject: [PATCH 1/1] do not race on RuntimeDirectory
Different unit instances create and destroy the same RuntimeDirectory.
This leads to running instances where the status file (and possibly
more runtime data) is no longer accessible.
So create a RuntimeDirectory per instance.
Signed-off-by: Christian Hesse <mail@eworm.de>
---
distro/systemd/openvpn-client@.service | 2 +-
distro/systemd/openvpn-server@.service | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/distro/systemd/openvpn-client@.service b/distro/systemd/openvpn-client@.service
index 5618af3..fcb5302 100644
--- a/distro/systemd/openvpn-client@.service
+++ b/distro/systemd/openvpn-client@.service
@@ -9,7 +9,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
[Service]
Type=notify
PrivateTmp=true
-RuntimeDirectory=openvpn-client
+RuntimeDirectory=openvpn-client@%i
RuntimeDirectoryMode=0710
WorkingDirectory=/etc/openvpn/client
ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
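Review bot: The new `RuntimeDirectory=openvpn-client@%i` line has no comment explaining why the directory is per instance, and the unit alone does not make the reason obvious. systemd removes a unit's RuntimeDirectory when that unit stops, so a shared name lets one stopping instance delete the runtime data of another that is still running. I would add a line above it such as `# One directory per instance: systemd removes RuntimeDirectory on stop, so instances must not share it.` The same comment fits the `RuntimeDirectory=openvpn-server@%i` line in openvpn-server@.service. The [Service] section starts and continues outside this hunk.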
diff --git a/distro/systemd/openvpn-server@.service b/distro/systemd/openvpn-server@.service
index b9b4dba..8b240cf 100644
--- a/distro/systemd/openvpn-server@.service
+++ b/distro/systemd/openvpn-server@.service
@@ -9,10 +9,10 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
[Service]
Type=notify
PrivateTmp=true
-RuntimeDirectory=openvpn-server
+RuntimeDirectory=openvpn-server@%i
RuntimeDirectoryMode=0710
WorkingDirectory=/etc/openvpn/server
-ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+ExecStart=/usr/sbin/openvpn --status %t/openvpn-server@%i/status.log --status-version 2 --suppress-timestamps --config %i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
LimitNPROC=10
DeviceAllow=/dev/null rw
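Review bot: The `--status` path in ExecStart moves from `%t/openvpn-server/status-%i.log` to `%t/openvpn-server@%i/status.log`, and nothing in the change tells consumers of the old path. Anything that reads the status file (monitoring, log collection), and presumably any instance config that points into the old shared `openvpn-server` directory, will find it gone after the upgrade. The commit message or packaging notes should state the new location. A comment above ExecStart would also help, e.g. `# %i is the escaped instance name; the status file is %t/openvpn-server@%i/status.log`. The [Service] section continues past the end of this hunk.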
--
2.11.0