GitList

Browse code

Refuse to daemonize when running from systemd

We start with systemd Type=notify, so refuse to daemonize. This does not
affect starting openvpn from script or command line.

v2: Update commit message about script and command line.

Signed-off-by: Christian Hesse <mail@eworm.de>
Tested-By: Richard Bonhomme <fragmentux@gmail.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20161201213104.5667-2-list@eworm.de>
URL: http://www.mail-archive.com/search?l=mid&q=20161201213104.5667-2-list@eworm.de
Signed-off-by: David Sommerseth <davids@openvpn.net>

Christian Hesse authored on 2016/12/02 06:31:04
Showing 3 changed files

distro/systemd/openvpn-client@.service index f64a239..5618af3 100644
distro/systemd/openvpn-server@.service index 890e6a9..b9b4dba 100644
src/openvpn/init.c index f99c934..74f1139 100644

distro/systemd/openvpn-client@.service

History View file @ 7660bba

@@ -12,7 +12,6 @@ PrivateTmp=true
                      RuntimeDirectory=openvpn-client
                      RuntimeDirectoryMode=0710
                      WorkingDirectory=/etc/openvpn/client
                     -ExecStartPre=/bin/sh -c 'grep -q -E ^daemon %i.conf || exit 0 && /usr/bin/echo "OpenVPN configuration cannot contain --daemon when being managed by systemd" ; exit 1'
                      ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
                      CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
                      LimitNPROC=10

distro/systemd/openvpn-server@.service

History View file @ 7660bba

@@ -12,7 +12,6 @@ PrivateTmp=true
                      RuntimeDirectory=openvpn-server
                      RuntimeDirectoryMode=0710
                      WorkingDirectory=/etc/openvpn/server
                     -ExecStartPre=/bin/sh -c 'grep -q -E ^daemon %i.conf || exit 0 && /usr/bin/echo "OpenVPN configuration cannot contain --daemon when being managed by systemd" ; exit 1'
                      ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
                      CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
                      LimitNPROC=10

src/openvpn/init.c

History View file @ 7660bba

@@ -930,6 +930,13 @@ bool
                      possibly_become_daemon (const struct options *options)
+                     {
                        bool ret = false;
+                    +
                     +#ifdef ENABLE_SYSTEMD
                     +  /* return without forking if we are running from systemd */
                     +  if (sd_notify(0, "READY=0") > 0)
                     +    return ret;
                     +#endif
+                    +
                        if (options->daemon)
+                         {
                            ASSERT (!options->inetd);