FS#70565 - [prosody] Do not use prosodyctl in the unit file
Attached to Project:
Community Packages
Opened by Mathieu Pasquet (mathieui) - Saturday, 24 April 2021, 10:20 GMT
Last edited by Sergej Pupykin (sergej) - Saturday, 26 June 2021, 13:54 GMT
Opened by Mathieu Pasquet (mathieui) - Saturday, 24 April 2021, 10:20 GMT
Last edited by Sergej Pupykin (sergej) - Saturday, 26 June 2021, 13:54 GMT
|
Details
Description:
The current prosody.service file makes use of "prosodyctl" as root: ``` ExecStart=/usr/bin/prosodyctl start ExecStop=/usr/bin/prosodyctl stop ExecReload=/usr/bin/prosodyctl reload ``` Those commands are not recommended (and running "prosodyctl reload" manually will even print a big warning). Running prosodyctl to start prosody also has the unfortunate effect of letting prosody drop privileges itself, and preventing any systemd unit hardening. ``` WARNING: Use of prosodyctl start/stop/restart/reload is not recommended if Prosody is managed by an init system - use that directly instead. e.g. systemctl reload prosody ``` The prosody-hg AUR package takes a different approach that is more integrated with systemd: https://aur.archlinux.org/cgit/aur.git/tree/prosody.service?h=prosody-hg Additional info: * package version(s): 0.11.8-1 (all of them) Steps to reproduce: * Install prosody * Try to harden a bit the runtime conditions and fail |
This task depends upon
I actually took the service file for prosody-hg from upstream directly, https://hg.prosody.im/debian/file/tip/prosody.service, if that's of any help.