
Bug#921812: mldonkey-server: Add systemd service file for better security



Package: mldonkey-server
Version: 3.1.6-1+b1
Severity: wishlist
Tags: patch

Dear Maintainer,

It would be nice to have a systemd service file for starting/stopping the daemon.
It would avoid problems like #920466 and improve security due to the various
restrictions that systemd can place. Attached is a service file that we have
tested for some simple operations. It lets the log get collected by journald on
systems running systemd allowing for better log rotation too.

Thanks,

--
Sunil



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8), LANGUAGE=en_IN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mldonkey-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.70
ii  libbz2-1.0             1.0.6-9
ii  libc6                  2.28-5
ii  libgcc1                1:8.2.0-14
ii  libgd3                 2.2.5-5
ii  libjpeg62-turbo        1:1.5.2-2+b1
ii  libpng16-16            1.6.36-2
ii  libstdc++6             8.2.0-14
ii  lsb-base               10.2018112800
ii  mime-support           3.61
ii  ucf                    3.0038+nmu1
ii  zlib1g                 1:1.2.11.dfsg-1

mldonkey-server recommends no packages.

mldonkey-server suggests no packages.

[Unit]
Description=MLDonkey: Multi-protocol, peer-to-peer file sharing server
After=syslog.target network.target
ConditionPathExists=/var/lib/mldonkey/downloads.ini
Documentation=man:mlnet(1) http://mldonkey.sourceforge.net/Main_Page

[Service]
ExecStart=/usr/bin/mlnet
Group=mldonkey
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
ReadWritePaths=/var/lib/mldonkey
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=yes
StateDirectory=mldonkey
SystemCallArchitectures=native
Type=simple
User=mldonkey
WorkingDirectory=/var/lib/mldonkey

[Install]
WantedBy=multi-user.target
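
An added example, not part of the original report or of the mldonkey package: a small Python audit of the [Service] section attached above, showing the write surface left by ProtectSystem=strict and which further sandboxing directives the unit does not set. The EXTRA list, the function names and the result keys are this example's own choices.

```python
import configparser

# [Service] section copied from the unit file attached to this report.
UNIT = """[Service]
ExecStart=/usr/bin/mlnet
Group=mldonkey
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
ReadWritePaths=/var/lib/mldonkey
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=yes
StateDirectory=mldonkey
SystemCallArchitectures=native
Type=simple
User=mldonkey
WorkingDirectory=/var/lib/mldonkey
"""
# Further sandboxing directives to look for (this example's choice, not exhaustive).
EXTRA = ("CapabilityBoundingSet", "RestrictNamespaces", "SystemCallFilter")

def parse_service(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case: systemd directive names are case-sensitive
    cp.read_string(text)
    return dict(cp["Service"])

def audit(text):
    svc = parse_service(text)
    # Paths declared writable: ReadWritePaths plus StateDirectory (under /var/lib).
    writable = set(svc.get("ReadWritePaths", "").split())
    writable |= {"/var/lib/" + d for d in svc.get("StateDirectory", "").split()}
    return {
        "runs_as_root": svc.get("User", "root") == "root",
        "read_only_fs": svc.get("ProtectSystem") == "strict",
        "declared_writable": sorted(writable),
        "families": svc.get("RestrictAddressFamilies", "").split(),
        "not_set": [k for k in EXTRA if k not in svc],
    }

if __name__ == "__main__":
    print(audit(UNIT))
```

ReadWritePaths and StateDirectory resolve to the same single directory here, so the declared write surface is one path. On a host running systemd, `systemd-analyze security` gives a fuller assessment of an installed unit.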
