Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-dialup/freeradius/files
diff options
context:
space:
mode:
authorDaniele Rondina <geaaru@gmail.com>2019-12-17 18:55:55 +0100
committerJoonas Niilola <juippis@gentoo.org>2019-12-18 18:32:37 +0200
commit41fa8efcbdcf5a899806a609c4186f47b16ba8ec (patch)
tree8f9fae3373f0bd186898fe93c24185e30bcc03d8 /net-dialup/freeradius/files
parentnet-dialup/freeradius: Right license is GPL-2+ (diff)
downloadgentoo-41fa8efcbdcf5a899806a609c4186f47b16ba8ec.tar.gz
gentoo-41fa8efcbdcf5a899806a609c4186f47b16ba8ec.tar.bz2
gentoo-41fa8efcbdcf5a899806a609c4186f47b16ba8ec.zip
net-dialup/freeradius: Bump v.3.0.19
Package-Manager: Portage-2.3.69, Repoman-2.3.14 Closes: https://github.com/gentoo/gentoo/pull/13463 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Diffstat (limited to 'net-dialup/freeradius/files')
-rw-r--r--net-dialup/freeradius/files/freeradius-3.0.19-systemd-service.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/net-dialup/freeradius/files/freeradius-3.0.19-systemd-service.patch b/net-dialup/freeradius/files/freeradius-3.0.19-systemd-service.patch
new file mode 100644
index 000000000000..37b67dfb21a5
--- /dev/null
+++ b/net-dialup/freeradius/files/freeradius-3.0.19-systemd-service.patch
@@ -0,0 +1,53 @@
+--- a/debian/freeradius.service 2019-12-01 10:02:31.453150556 +0100
++++ b/debian/freeradius.service 2019-12-01 10:08:16.781370632 +0100
+@@ -4,11 +4,10 @@
+ Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
+
+ [Service]
+-Type=notify
+-WatchdogSec=60
+-NotifyAccess=all
+-PIDFile=/run/freeradius/freeradius.pid
+-EnvironmentFile=-/etc/default/freeradius
++# In 3.0.19 SystemD integration is broken.
++# Type=notify
++# WatchdogSec=60
++# NotifyAccess=all
+
+ # FreeRADIUS can do static evaluation of policy language rules based
+ # on environmental variables which is very useful for doing per-host
+@@ -26,17 +25,27 @@
+ # Ensure the daemon can still write its pidfile after it drops
+ # privileges. Combination of options that work on a variety of
+ # systems. Test very carefully if you alter these lines.
+-RuntimeDirectory=freeradius
++RuntimeDirectory=radiusd
+ RuntimeDirectoryMode=0775
+ # This does not work on Debian Jessie:
+-Group=freerad
+-# This does not work on Ubuntu Bionic:
+-ExecStartPre=/bin/chown freerad:freerad /var/run/freeradius
+-
+-ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout
+-ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
++Group=radius
++User=radius
++ExecStartPre=/usr/sbin/radiusd $RADIUSD_OPTS -Cx -lstdout
++ExecStart=/usr/sbin/radiusd -f $RADIUSD_OPTS
++ExecReload=/usr/sbin/radiusd -C $RADIUSD_OPTS
++ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+ RestartSec=5
++ReadOnlyDirectories=/etc/raddb/
++ReadWriteDirectories=/var/log/radius/
++# Security options (https://github.com/FreeRADIUS/freeradius-server/issues/2637)
++NoNewPrivileges=true
++CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
++PrivateTmp=true
++ProtectControlGroups=true
++ProtectKernelModules=true
++ProtectKernelTunables=true
++SystemCallArchitectures=native
+
+ [Install]
+ WantedBy=multi-user.target