On 16/12/16 22:00, Christian Hesse wrote:
> From: Christian Hesse <m...@eworm.de>
>
> Different unit instances create and destroy the same RuntimeDirectory.
> This leads to running instances where the status file (and possibly
> more runtime data) is no longer accessible.
>
> So do not handle this in unit files but provide a tmpfiles.d
> configuration and let systemd-tmpfiles do the work.
> Nobody will (unintentionally) delete the directories and its content.
> As /run is volatile we do not have to care about cleanup.
>
> Signed-off-by: Christian Hesse <m...@eworm.de>
> ---
>  distro/systemd/openvpn-client@.service | 2 --
>  distro/systemd/openvpn-server@.service | 2 --
>  distro/systemd/openvpn.conf            | 2 ++
>  3 files changed, 2 insertions(+), 4 deletions(-)
>  create mode 100644 distro/systemd/openvpn.conf
>
> diff --git a/distro/systemd/openvpn-client@.service 
> b/distro/systemd/openvpn-client@.service
> index 5618af3..1187ee8 100644
> --- a/distro/systemd/openvpn-client@.service
> +++ b/distro/systemd/openvpn-client@.service
> @@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
>  [Service]
>  Type=notify
>  PrivateTmp=true
> -RuntimeDirectory=openvpn-client
> -RuntimeDirectoryMode=0710
>  WorkingDirectory=/etc/openvpn/client
>  ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
>  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID 
> CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
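Review bot: with the two `RuntimeDirectory` lines gone, nothing in the [Service] section says where /run/openvpn-client comes from, and the ExecStart line in the context does not reference that directory at all. A one-line comment in the unit naming the tmpfiles.d file as the source of the directory would help anyone who installs the unit by hand and later finds the runtime path missing.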
> diff --git a/distro/systemd/openvpn-server@.service 
> b/distro/systemd/openvpn-server@.service
> index b9b4dba..25a6bb7 100644
> --- a/distro/systemd/openvpn-server@.service
> +++ b/distro/systemd/openvpn-server@.service
> @@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
>  [Service]
>  Type=notify
>  PrivateTmp=true
> -RuntimeDirectory=openvpn-server
> -RuntimeDirectoryMode=0710
>  WorkingDirectory=/etc/openvpn/server
>  ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log 
> --status-version 2 --suppress-timestamps --config %i.conf
>  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE 
> CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
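Review bot: the unchanged ExecStart line still passes `--status %t/openvpn-server/status-%i.log`, so this unit now depends on the tmpfiles.d entry without expressing that anywhere in the unit. systemd-tmpfiles applies such entries at boot or when `systemd-tmpfiles --create` is run, so a package installed on a running system has no /run/openvpn-server until one of those happens. Please document that packagers need to run it after install, either in the commit message or next to the unit.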
> diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
> new file mode 100644
> index 0000000..bb79671
> --- /dev/null
> +++ b/distro/systemd/openvpn.conf
> @@ -0,0 +1,2 @@
> +d /run/openvpn-client 0710 root root -
> +d /run/openvpn-server 0710 root root -
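Review bot: the new file has no header comment, and the generic name `openvpn.conf`, sitting next to the unit files, reads like an OpenVPN configuration rather than a tmpfiles.d fragment. Suggest a leading comment stating that it is meant to be installed into a tmpfiles.d directory, and note that the patch as shown only adds the file under distro/systemd/ with no install rule. The mode 0710 matches the removed `RuntimeDirectoryMode=0710`, so the directories stay closed to other users.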
>

ACK

This works as expected from debian8/systemd 215 to arch/systemd 232
