On 26/12/16 17:12, Christian Hesse wrote: > debbie10t <debbie...@gmail.com> on Sat, 2016/12/24 11:10: >> On 16/12/16 22:00, Christian Hesse wrote: >>> From: Christian Hesse <m...@eworm.de> >>> >>> Different unit instances create and destroy the same RuntimeDirectory. >>> This leads to running instances where the status file (and possibly >>> more runtime data) is no longer accessible. >>> >>> So do not handle this in unit files but provide a tmpfiles.d >>> configuration and let systemd-tmpfiles do the work. >>> Nobody will (unintentionally) delete the directories and its content. >>> As /run is volatile we do not have to care about cleanup. >>> >>> Signed-off-by: Christian Hesse <m...@eworm.de> >>> --- >>> distro/systemd/openvpn-client@.service | 2 -- >>> distro/systemd/openvpn-server@.service | 2 -- >>> distro/systemd/openvpn.conf | 2 ++ >>> 3 files changed, 2 insertions(+), 4 deletions(-) >>> create mode 100644 distro/systemd/openvpn.conf >>> >>> diff --git a/distro/systemd/openvpn-client@.service >>> b/distro/systemd/openvpn-client@.service index 5618af3..1187ee8 100644 >>> --- a/distro/systemd/openvpn-client@.service >>> +++ b/distro/systemd/openvpn-client@.service >>> @@ -9,8 +9,6 @@ >>> Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] >>> Type=notify >>> PrivateTmp=true >>> -RuntimeDirectory=openvpn-client >>> -RuntimeDirectoryMode=0710 >>> WorkingDirectory=/etc/openvpn/client >>> ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config >>> %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW >>> CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE diff --git >>> a/distro/systemd/openvpn-server@.service >>> b/distro/systemd/openvpn-server@.service index b9b4dba..25a6bb7 100644 >>> --- a/distro/systemd/openvpn-server@.service +++ >>> b/distro/systemd/openvpn-server@.service 
@@ -9,8 +9,6 @@ >>> Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] >>> Type=notify >>> PrivateTmp=true >>> -RuntimeDirectory=openvpn-server >>> -RuntimeDirectoryMode=0710 >>> WorkingDirectory=/etc/openvpn/server >>> ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log >>> --status-version 2 --suppress-timestamps --config %i.conf >>> CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE >>> CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE diff >>> --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf new >>> file mode 100644 index 0000000..bb79671 --- /dev/null >>> +++ b/distro/systemd/openvpn.conf >>> @@ -0,0 +1,2 @@ >>> +d /run/openvpn-client 0710 root root - >>> +d /run/openvpn-server 0710 root root - >>> >> >> ACK >> >> This works as expected from debian8/systemd 215 to arch/systemd 232 > > Great! Thanks for testing! > > But I think this will not make its way into 2.4.0? Will we see this in > release/2.4 for a bugfix release?
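Review bot: in the openvpn-server@.service hunk, ExecStart still passes `--status %t/openvpn-server/status-%i.log`, but with `RuntimeDirectory=openvpn-server` removed nothing in the unit itself guarantees that the directory exists any more. The diffstat lists only the two unit files and the new distro/systemd/openvpn.conf, with no install rule, so a system that receives the updated unit without the tmpfiles.d snippet will start server instances that cannot write their status file. Consider adding the install rule for the snippet in the same patch, or at least a comment in the unit stating that /run/openvpn-server is provided by tmpfiles.d.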
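Review bot: the new distro/systemd/openvpn.conf has no comment identifying it as a tmpfiles.d snippet or saying where it belongs, and its name reads like an OpenVPN configuration file rather than a systemd-tmpfiles one. A header comment and a less ambiguous file name would help packagers. It is also worth documenting that the directories only appear once `systemd-tmpfiles --create` has processed the file (at boot or from a package post-install step), and that the `0710 root root` entries carry over the mode from the removed `RuntimeDirectoryMode=0710` lines, so that restriction on the status directory now lives only in this file.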
That is correct. What is in release/2.4 currently is what will be the v2.4.0 release unless something of a real blocker appears before I'll tag and push out the release commit some time tomorrow. I don't dare to add anything which is not absolutely strictly needed for the coming release. I'm just waiting for the final Windows test results from Samuli before pushing out the final release. Then Samuli will publish all source tarballs, Windows installers and do the announcement.

It's good that this is tested, but I'd like to have a more thorough review of this patch as well, in addition to looking at the automake rules so that we can install unit files and the tmpfiles.d config to the proper place as well during 'make install'. This will simplify the job of the packagers as well.

One thing I'm pondering on though, is how clever it is to call the tmpfiles.d config file 'openvpn.conf' ... but that's something I can fix at commit time.

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel