From e6fabfef6f3ad12109f3aee7b430c85dcc661d51 Mon Sep 17 00:00:00 2001 From: Roman Gershman Date: Wed, 12 Feb 2025 09:18:51 +0200 Subject: [PATCH] fix: debian path in dragonfly.service (#4594) Split the rpm service file from debian. Fixes #4593 Signed-off-by: Roman Gershman --- tools/packaging/debian/dragonfly.service | 2 +- tools/packaging/rpm/dragonfly.service | 44 +++++++++++++++++++++++- 2 files changed, 44 insertions(+), 2 deletions(-) mode change 120000 => 100755 tools/packaging/rpm/dragonfly.service diff --git a/tools/packaging/debian/dragonfly.service b/tools/packaging/debian/dragonfly.service index 593076eb1..0bb02994b 100755 --- a/tools/packaging/debian/dragonfly.service +++ b/tools/packaging/debian/dragonfly.service @@ -6,7 +6,7 @@ Documentation= [Service] Type=simple EnvironmentFile=-/etc/dragonfly/environment -ExecStart=/usr/local/bin/dragonfly --flagfile=/etc/dragonfly/dragonfly.conf +ExecStart=/usr/bin/dragonfly --flagfile=/etc/dragonfly/dragonfly.conf PIDFile=/var/run/dragonfly/dragonfly.pid TimeoutStopSec=infinity Restart=always diff --git a/tools/packaging/rpm/dragonfly.service b/tools/packaging/rpm/dragonfly.service deleted file mode 120000 index 72d047816..000000000 --- a/tools/packaging/rpm/dragonfly.service +++ /dev/null @@ -1 +0,0 @@ -../debian/dragonfly.service \ No newline at end of file diff --git a/tools/packaging/rpm/dragonfly.service b/tools/packaging/rpm/dragonfly.service new file mode 100755 index 000000000..593076eb1 --- /dev/null +++ b/tools/packaging/rpm/dragonfly.service @@ -0,0 +1,43 @@ +[Unit] +Description=Modern and fast key-value store +After=network.target +Documentation= + +[Service] +Type=simple +EnvironmentFile=-/etc/dragonfly/environment +ExecStart=/usr/local/bin/dragonfly --flagfile=/etc/dragonfly/dragonfly.conf +PIDFile=/var/run/dragonfly/dragonfly.pid +TimeoutStopSec=infinity +Restart=always +User=dfly +Group=dfly +RuntimeDirectory=dragonfly +RuntimeDirectoryMode=2755 + +UMask=007 +PrivateTmp=yes +LimitNOFILE=262144 +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full + +ReadWritePaths=-/var/lib/dragonfly +ReadWritePaths=-/var/log/dragonfly +ReadWritePaths=-/var/run/dragonfly + +NoNewPrivileges=true +CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE +MemoryDenyWriteExecute=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +RestrictRealtime=true +RestrictNamespaces=true +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX + + + +[Install] +WantedBy=multi-user.target +Alias=dragonfly.service