summaryrefslogtreecommitdiff
path: root/net-dialup/freeradius/files
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2020-01-15 15:51:32 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-01-15 15:51:32 +0000
commit21435953e16cda318a82334ddbadb3b5c36d9ea7 (patch)
treee1810a4b135afce04b34862ef0fab2bfaeb8aeca /net-dialup/freeradius/files
parent7bc9c63c9da678a7e6fceb095d56c634afd22c56 (diff)
gentoo resync : 15.01.2020
Diffstat (limited to 'net-dialup/freeradius/files')
-rw-r--r--net-dialup/freeradius/files/freeradius-3.0.19-systemd-service.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/net-dialup/freeradius/files/freeradius-3.0.19-systemd-service.patch b/net-dialup/freeradius/files/freeradius-3.0.19-systemd-service.patch
new file mode 100644
index 000000000000..37b67dfb21a5
--- /dev/null
+++ b/net-dialup/freeradius/files/freeradius-3.0.19-systemd-service.patch
@@ -0,0 +1,53 @@
+--- a/debian/freeradius.service 2019-12-01 10:02:31.453150556 +0100
++++ b/debian/freeradius.service 2019-12-01 10:08:16.781370632 +0100
+@@ -4,11 +4,10 @@
+ Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
+
+ [Service]
+-Type=notify
+-WatchdogSec=60
+-NotifyAccess=all
+-PIDFile=/run/freeradius/freeradius.pid
+-EnvironmentFile=-/etc/default/freeradius
++# In 3.0.19 SystemD integration is broken.
++# Type=notify
++# WatchdogSec=60
++# NotifyAccess=all
+
+ # FreeRADIUS can do static evaluation of policy language rules based
+ # on environmental variables which is very useful for doing per-host
+@@ -26,17 +25,27 @@
+ # Ensure the daemon can still write its pidfile after it drops
+ # privileges. Combination of options that work on a variety of
+ # systems. Test very carefully if you alter these lines.
+-RuntimeDirectory=freeradius
++RuntimeDirectory=radiusd
+ RuntimeDirectoryMode=0775
+ # This does not work on Debian Jessie:
+-Group=freerad
+-# This does not work on Ubuntu Bionic:
+-ExecStartPre=/bin/chown freerad:freerad /var/run/freeradius
+-
+-ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout
+-ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
++Group=radius
++User=radius
++ExecStartPre=/usr/sbin/radiusd $RADIUSD_OPTS -Cx -lstdout
++ExecStart=/usr/sbin/radiusd -f $RADIUSD_OPTS
++ExecReload=/usr/sbin/radiusd -C $RADIUSD_OPTS
++ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+ RestartSec=5
++ReadOnlyDirectories=/etc/raddb/
++ReadWriteDirectories=/var/log/radius/
++# Security options (https://github.com/FreeRADIUS/freeradius-server/issues/2637)
++NoNewPrivileges=true
++CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
++PrivateTmp=true
++ProtectControlGroups=true
++ProtectKernelModules=true
++ProtectKernelTunables=true
++SystemCallArchitectures=native
+
+ [Install]
+ WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 09:46:23 +0000