Hi Sunil, On Fri, Feb 08, 2019 at 06:15:44PM -0800, Sunil Mohan Adapa <su...@medhas.org> wrote: > It would nice to have a systemd service file for starting/stopping the daemon. > It would avoid problems like #920466 and improve security due various > restrictions that systemd can place. Attached is service file that we have > tested for some simple operations. It lets the log get collected by journald > on > systems running systemd allowing for better log rotation too. >
I agree it would be a very nice improvement in the packaging. Thanks for brining this up in a bugreport and providing a patch! I have a doubt about which systemd features to enable by default though. I can see thath Fedora/RedHat enabled really a few, as you can see in [1]. For this reason, I'll ask for advice from Michael (systemd's maintainer). Michael, Sunil here is proposing a .service file for mldonkey-server. I am wondering if we should aim for a simplistic approach as in [1] or if we should enable by default features proposed by Sunil in his patch (see below). What do you think? What would be your recommendation? [1] https://src.fedoraproject.org/rpms/mldonkey/blob/2a45ff06778cadc4d58435ca1e7187396012c6f1/f/mldonkey.service Regards, > [Unit] > Description=MLDonkey: Multi-protocol, peer-to-peer file sharing server > After=syslog.target network.target > ConditionPathExists=/var/lib/mldonkey/downloads.ini > Documentation=man:mlnet(1) http://mldonkey.sourceforge.net/Main_Page > > [Service] > ExecStart=/usr/bin/mlnet > Group=mldonkey > LockPersonality=yes > NoNewPrivileges=yes > PrivateDevices=yes > PrivateMounts=yes > PrivateTmp=yes > PrivateUsers=yes > ProtectControlGroups=yes > ProtectHome=yes > ProtectKernelModules=yes > ProtectKernelTunables=yes > ProtectSystem=strict > ReadWritePaths=/var/lib/mldonkey > RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 > RestrictRealtime=yes > StateDirectory=mldonkey > SystemCallArchitectures=native > Type=simple > User=mldonkey > WorkingDirectory=/var/lib/mldonkey > > [Install] > WantedBy=multi-user.target -- Mehdi Dogguy
