IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-27 09:21:59 -06:00
Code Issues Packages Projects Releases Wiki Activity
3a42bc0960
freeipa/daemons/dnssec/ipa-ods-exporter.service.in
Christian Heimes e881e35783 Fix various OpenDNSSEC 2.1 issues 
Require OpenDNSSEC 2.1.6-5 with fix for RHBZ#1825812 (DAC override AVC)

Allow ipa-dnskeysyncd to connect to enforcer.sock (ipa_dnskey_t write
opendnssec_var_run_t and connectto opendnssec_t). The
opendnssec_stream_connect interface is available since 2016.

Change the owner of the ipa-ods-exporter socket to ODS_USER:ODS_GROUP.
The ipa-ods-exporter service already runs as ODS_USER.

Fixes: https://pagure.io/freeipa/issue/8283
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-04-21 21:37:06 +02:00

17 lines
338 B
SYSTEMD
Raw Blame History

[Unit]
Description=IPA OpenDNSSEC Signer replacement
Wants=ipa-ods-exporter.socket
After=ipa-ods-exporter.socket
[Service]
EnvironmentFile=@sysconfenvdir@/ipa-ods-exporter
ExecStart=@libexecdir@/ipa/ipa-ods-exporter
User=@ODS_USER@
Group=@ODS_GROUP@
PrivateTmp=yes
Restart=on-failure
RestartSec=60s
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink