From patchwork Fri Aug 23 00:23:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 13774464 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 31C5FB679 for ; Fri, 23 Aug 2024 00:23:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724372618; cv=none; b=jRrzsACtVcGlQYx6VTU/V2WxfnF2LV6ENKJ9pVoUD4PBZ+5MexfI4gW4Kk4Yn8sOXD4J/bXqRdqZWQm9nE0ozV0OhWDpsBYq7sJz1t8zwr3WHZXTcAXkgFN7L84Et6oKrpTWDPa5lbuGJRxeGbcP3DI7+KgVVwkdnXSg/apA23M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724372618; c=relaxed/simple; bh=PZXMezTF7B0uupmNARSNJp0rATFdjCP8Zcqf37PQ4zc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Xa9EHW2I9SphVwJxohzZSHO1gcdw9dRbNTPdYfb9HLRjeUovvMoYIk5YWI0+YkZ49Aa9AkPlGt3SpTcn4U+iG8GDWnBAnznaW1PWmBGym+BUeZ+h+jvymPfZG1w+xf38aGNoo/iv73v44gJgnfb+Q0K5PsgUGAa3bjHjQxNOF4U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 3D24E20274; Fri, 23 Aug 2024 00:23:34 +0000 (UTC) Authentication-Results: smtp-out2.suse.de; none Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 088CB13A3A; Fri, 23 Aug 2024 00:23:34 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id KH8+AYbWx2bwBwAAD6G6ig (envelope-from ); Fri, 23 Aug 2024 00:23:34 +0000 From: Petr Vorel To: linux-nfs@vger.kernel.org Cc: libtirpc-devel@lists.sourceforge.net, Petr Vorel , Steve Dickson , Josue Ortega , NeilBrown , Thomas Blume , Yann Leprince Subject: [PATCH rpcbind 1/4] systemd/rpcbind.service.in: Add few default EnvironmentFile Date: Fri, 23 Aug 2024 02:23:19 +0200 Message-ID: <20240823002322.1203466-2-pvorel@suse.cz> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823002322.1203466-1-pvorel@suse.cz> References: <20240823002322.1203466-1-pvorel@suse.cz> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 50.00]; REPLY(-4.00)[] X-Spam-Flag: NO X-Spam-Score: -4.00 X-Rspamd-Queue-Id: 3D24E20274 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spam-Level: Add some defaults so that distros can drop patches to configure it. * openSUSE and Fedora use /etc/sysconfig/rpcbind https://build.opensuse.org/projects/network/packages/rpcbind/files/0001-systemd-unit-files.patch?expand=1 https://src.fedoraproject.org/rpms/rpcbind/blob/f41/f/rpcbind-0.2.3-systemd-envfile.patch * Debian uses /etc/rpcbind.conf and /etc/default/rpcbind https://salsa.debian.org/debian/rpcbind/-/blob/buster/debian/rpcbind.service?ref_type=heads Add all these 3 in order: * /etc/rpcbind.conf * /etc/default/rpcbind * /etc/sysconfig/rpcbind Signed-off-by: Petr Vorel --- systemd/rpcbind.service.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd/rpcbind.service.in b/systemd/rpcbind.service.in index c892ca8..c5bbd5e 100644 --- a/systemd/rpcbind.service.in +++ b/systemd/rpcbind.service.in @@ -12,6 +12,9 @@ Wants=rpcbind.target [Service] Type=notify # distro can provide a drop-in adding EnvironmentFile=-/??? if needed. +EnvironmentFile=-/etc/rpcbind.conf +EnvironmentFile=-/etc/default/rpcbind +EnvironmentFile=-/etc/sysconfig/rpcbind ExecStart=@_sbindir@/rpcbind $RPCBIND_OPTIONS @warmstarts_opt@ -f [Install] From patchwork Fri Aug 23 00:23:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 13774466 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6FA87BA46 for ; Fri, 23 Aug 2024 00:23:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724372618; cv=none; b=GcMFUifW1SKu3qDqhyEsAbR3hIpIp/30a+yiRhNq8BP/LwnEoSb+YOiIxnh00mG9gnwxyy74ELt0b8xYa3Q8KNYFIiJ7JxMTp0sVglU0sIYIGFiudxdU6AbvLXZvK7SU9AAvbCIj4nNpnvxVvkrgMNTvuVZuIUqCPuR9ZBAhRiI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724372618; c=relaxed/simple; bh=Hw5+ZoZqsLYAabJkIG8K6mpv94YdJv30yQ0YfSJLUSk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BKT6mkk0fjBRy9sgwWlNv7cxu2vcA68ldc4J2vbFxmPpq8p7ij6EufU0G/8MeCmUF6Xjc4uZ7gyIsD25SCbXjp4j/TP+uADZzv2Mj3hjc8i/w28YiedfdJfhibaqbDtxOcIsm0kux/JE3buLXDSUvVxFbg4dgPJnylkVR9D3CK4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=V2p7nlko; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=djeaBOYg; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=V2p7nlko; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=djeaBOYg; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="V2p7nlko"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="djeaBOYg"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="V2p7nlko"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="djeaBOYg" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 8645120275; Fri, 23 Aug 2024 00:23:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1724372614; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qK1lEeH1+es5wgvsmrLQ9MztehyVkgOhmI0TSlCJ0ZU=; b=V2p7nlkouE+Zxv0fu2011mm0I6PXy4Gtnf99s+/ezPgXaVhusTkJsWz8cFkUD9eI9i/rV0 /ZHvafs65N6QkOPhPOBuGonY4vapztTn9PehB7c1CorAcd2uui24lMlblAoH8giKqxgENd anMGdKd6l8Q1SpggQZvsbJl4+OJyobs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1724372614; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qK1lEeH1+es5wgvsmrLQ9MztehyVkgOhmI0TSlCJ0ZU=; b=djeaBOYgfM5ltx9TWeZvYFj/zcuJVohT69WjcCIc4G9WRyx3+j+yBdspbpAgTeV/wHNEYE AcLH3nPzr/YR2gBw== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1724372614; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qK1lEeH1+es5wgvsmrLQ9MztehyVkgOhmI0TSlCJ0ZU=; b=V2p7nlkouE+Zxv0fu2011mm0I6PXy4Gtnf99s+/ezPgXaVhusTkJsWz8cFkUD9eI9i/rV0 /ZHvafs65N6QkOPhPOBuGonY4vapztTn9PehB7c1CorAcd2uui24lMlblAoH8giKqxgENd anMGdKd6l8Q1SpggQZvsbJl4+OJyobs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1724372614; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qK1lEeH1+es5wgvsmrLQ9MztehyVkgOhmI0TSlCJ0ZU=; b=djeaBOYgfM5ltx9TWeZvYFj/zcuJVohT69WjcCIc4G9WRyx3+j+yBdspbpAgTeV/wHNEYE AcLH3nPzr/YR2gBw== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 42755139D3; Fri, 23 Aug 2024 00:23:34 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id YN06D4bWx2bwBwAAD6G6ig (envelope-from ); Fri, 23 Aug 2024 00:23:34 +0000 From: Petr Vorel To: linux-nfs@vger.kernel.org Cc: libtirpc-devel@lists.sourceforge.net, Josue Ortega , Steve Dickson , NeilBrown , Thomas Blume , Yann Leprince , Petr Vorel Subject: [PATCH rpcbind 2/4] man/rpcbind: Add Files section to manpage Date: Fri, 23 Aug 2024 02:23:20 +0200 Message-ID: <20240823002322.1203466-3-pvorel@suse.cz> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823002322.1203466-1-pvorel@suse.cz> References: <20240823002322.1203466-1-pvorel@suse.cz> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Level: X-Spamd-Result: default: False [-6.78 / 50.00]; REPLY(-4.00)[]; BAYES_HAM(-3.00)[99.99%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.18)[-0.892]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCPT_COUNT_SEVEN(0.00)[8]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[] X-Spam-Score: -6.78 X-Spam-Flag: NO From: Josue Ortega Previous commit added 3 non-default files, mention them in man page. Signed-off-by: Petr Vorel --- man/rpcbind.8 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/man/rpcbind.8 b/man/rpcbind.8 index fbf0ace..cdcdcfd 100644 --- a/man/rpcbind.8 +++ b/man/rpcbind.8 @@ -150,6 +150,14 @@ starts up. The state file is created when .Nm terminates. .El +.Sh FILES +The +.Nm +utility tries to load configuration file in following order: +.Bd -literal +.Pa /etc/rpcbind.conf +.Pa /etc/default/rpcbind +.Pa /etc/sysconfig/rpcbind .Sh NOTES All RPC servers must be restarted if .Nm From patchwork Fri Aug 23 00:23:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 13774465 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 815B0BE47 for ; Fri, 23 Aug 2024 00:23:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724372618; cv=none; b=qOaHagpK2cLenty11OQfN6tVQOEbxRwhb4CQohg3MTIrNpgdNHcOIp8ahaKlhgsn++DEAmTgbDUU9WvBFKEbPs1ik5EeFmTWPrh2Z6dy/twBl6PZdWKHjncBxhya3XWF1njMgwILEqAgJJOHhvg5b1k7s0O2VvX+x/FQLni7+zU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724372618; c=relaxed/simple; bh=DeWStmxRzPZhkhgRRHbOh951xt5AbZg3JiYSj2pdLH4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=nfpyXQEsimg3UC4VpJ4zFfNwaofv5B9TFEjdBFncFP6cyns62eGOtTfcmB7MVI1qFFuBW9UIadSCzVuRb8fvWjo1Rhewdzc4+5IDRal0gi7ql3FscVdR18mJyI62991CJUzcH9/F89uGUCyBWMVzDKFKgw61qsgESLPlsmjbdSQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=cBbGsXGu; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=rE+JCLu6; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=cBbGsXGu; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=rE+JCLu6; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="cBbGsXGu"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="rE+JCLu6"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="cBbGsXGu"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="rE+JCLu6" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id BAA2920276; Fri, 23 Aug 2024 00:23:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1724372614; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PGmWjijc4DaZd1GoSAPtlPR5QSbdLTiNWvwyl+uT40o=; b=cBbGsXGuxDlYZv4iFR6iAey9Foa6BoD4nxHjR5kSuU2PUtpTz0VlKWAhz9WSfPCUU/FspN ywy8qBOFOgqsvz9fKPNkMQj64KgguwEG8HuRFxHrVNBBRrfwCtaJt3Y/iKQOVF3l2YKJUV Ram5Imu4FAJjSNXEY6/fbnpj4crfC+M= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1724372614; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PGmWjijc4DaZd1GoSAPtlPR5QSbdLTiNWvwyl+uT40o=; b=rE+JCLu6ceV7V++7jWeleWJaEqDrJaSMBa6eSlNHrlZ32z75w2pTGMkKQl89iHDDT6mPEn P6pJnyV/p6auk8Cw== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1724372614; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PGmWjijc4DaZd1GoSAPtlPR5QSbdLTiNWvwyl+uT40o=; b=cBbGsXGuxDlYZv4iFR6iAey9Foa6BoD4nxHjR5kSuU2PUtpTz0VlKWAhz9WSfPCUU/FspN ywy8qBOFOgqsvz9fKPNkMQj64KgguwEG8HuRFxHrVNBBRrfwCtaJt3Y/iKQOVF3l2YKJUV Ram5Imu4FAJjSNXEY6/fbnpj4crfC+M= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1724372614; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PGmWjijc4DaZd1GoSAPtlPR5QSbdLTiNWvwyl+uT40o=; b=rE+JCLu6ceV7V++7jWeleWJaEqDrJaSMBa6eSlNHrlZ32z75w2pTGMkKQl89iHDDT6mPEn P6pJnyV/p6auk8Cw== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 8E20213A3A; Fri, 23 Aug 2024 00:23:34 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id WIvIIYbWx2bwBwAAD6G6ig (envelope-from ); Fri, 23 Aug 2024 00:23:34 +0000 From: Petr Vorel To: linux-nfs@vger.kernel.org Cc: libtirpc-devel@lists.sourceforge.net, Petr Vorel , Steve Dickson , Josue Ortega , NeilBrown , Thomas Blume , Yann Leprince , Johannes Segitz Subject: [RFC][PATCH rpcbind 3/4] systemd/rpcbind.service.in: Add various hardenings options Date: Fri, 23 Aug 2024 02:23:21 +0200 Message-ID: <20240823002322.1203466-4-pvorel@suse.cz> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823002322.1203466-1-pvorel@suse.cz> References: <20240823002322.1203466-1-pvorel@suse.cz> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Score: -6.80 X-Spamd-Result: default: False [-6.80 / 50.00]; REPLY(-4.00)[]; BAYES_HAM(-3.00)[99.99%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-0.988]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_SEVEN(0.00)[9]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[opensuse.org:url,suse.com:email]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[] X-Spam-Flag: NO X-Spam-Level: We've been running rpcbind 1.2.6 with it in openSUSE since 2021. NOTE: In systemd < 244 (released Nov 2019) some of these options are unknown and will produce warnings, see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort Cc: Johannes Segitz Signed-off-by: Petr Vorel --- systemd/rpcbind.service.in | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/systemd/rpcbind.service.in b/systemd/rpcbind.service.in index c5bbd5e..272e55a 100644 --- a/systemd/rpcbind.service.in +++ b/systemd/rpcbind.service.in @@ -10,6 +10,16 @@ Requires=rpcbind.socket Wants=rpcbind.target [Service] +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true Type=notify # distro can provide a drop-in adding EnvironmentFile=-/??? if needed. EnvironmentFile=-/etc/rpcbind.conf From patchwork Fri Aug 23 00:23:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 13774467 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1F370C148 for ; Fri, 23 Aug 2024 00:23:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724372620; cv=none; b=aa6TlMq1L3a2qzolf4Sj/marclwXeAVYON9jUvO4qnZ1109i1ikpy3H9uG6MCOF1p3byvKvjCpqKQb/0DaztMMBaHCjm95B8ZjZ8OuYe1h42VJyMS5kSsKdHNXY31VRne3E1Q1czqbcY99s9ADoA1xWRzCU8yHpYQV8iieNJMD0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724372620; c=relaxed/simple; bh=M+UUGhc2nUZ4JX/VsKfAPjTpOyC12DJbP+GIgunJRjc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rkeRk/zX6454MsUW+D1m6xEYi8vwi5X+GmewUyCuDnot/JMvJv8IcsG0apJaJnZQ2nBucf/77FSbIjIJdDMy4vvrOU0dzvUItjfkJP/wkub8r1EhPfQD1z8Weqx0yAWuJVve0mJfTfIvI01g6uDLg2p8N7BjzVo3oISwENjtQOk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=iA+6lXFz; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=70ohfEDs; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=s6cBd78n; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=9IG/Ozzd; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="iA+6lXFz"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="70ohfEDs"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="s6cBd78n"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="9IG/Ozzd" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id E9E0D2255C; Fri, 23 Aug 2024 00:23:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1724372615; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CIWqfsXp4Sn9wxiS2ywi6rnDCzqv92s0X3Bgrp6gS/U=; b=iA+6lXFzKAienQ9dK99DL85DJUxJCrKUntcMX8RQnSrAtOIHfrYIQpJpvwUjXRCM0+73R/ mKi7QzaVZjkrYf3qXleLidFG5NE23rqEQOU6+SoVhK7zDBajTzwkV1VMO3M6qr621ZuRtP MCFcxcBwSc47aix8mxbBo5RrJTZ0RN0= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1724372615; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CIWqfsXp4Sn9wxiS2ywi6rnDCzqv92s0X3Bgrp6gS/U=; b=70ohfEDsTHIwNJ+fPwBDdsB1hKYcsgBTip4VuRvyLQZILzHHeLacaso6KgZcsCYmB77VFH N2SAiPNH0niPEKCg== Authentication-Results: smtp-out1.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1724372614; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CIWqfsXp4Sn9wxiS2ywi6rnDCzqv92s0X3Bgrp6gS/U=; b=s6cBd78n5oTttzGCfZa2tqnUIN16kXBlL1Ct3Vpf2SzdDoBmk+FMDVdGGEVzlAN23TWOCc QGz8yCXaWyFYmFrzPB9VVQd3fJfmM/j3vozJqeKTXs2cFVmkNryVFW5HOhyf6JUZ4nfT27 /sKUuLIglvmjZMMFxknr3K2eOHMEn4Y= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1724372614; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CIWqfsXp4Sn9wxiS2ywi6rnDCzqv92s0X3Bgrp6gS/U=; b=9IG/OzzdDCb/C+jhjJMdXO+a5orCx2DfY5CA/PvF4lduaMcwoupMYc8ZI4AQkXuib0HgvY OlE9dnqEa01iUtBA== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id C036A139D3; Fri, 23 Aug 2024 00:23:34 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id CEMnLobWx2bwBwAAD6G6ig (envelope-from ); Fri, 23 Aug 2024 00:23:34 +0000 From: Petr Vorel To: linux-nfs@vger.kernel.org Cc: libtirpc-devel@lists.sourceforge.net, Petr Vorel , Steve Dickson , Josue Ortega , NeilBrown , Thomas Blume , Yann Leprince Subject: [RFC][PATCH rpcbind 4/4] systemd/rpcbind.service.in: Want/After systemd-tmpfiles-setup Date: Fri, 23 Aug 2024 02:23:22 +0200 Message-ID: <20240823002322.1203466-5-pvorel@suse.cz> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823002322.1203466-1-pvorel@suse.cz> References: <20240823002322.1203466-1-pvorel@suse.cz> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Level: X-Spamd-Result: default: False [-6.79 / 50.00]; REPLY(-4.00)[]; BAYES_HAM(-3.00)[99.99%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.19)[-0.938]; MIME_GOOD(-0.10)[text/plain]; RCVD_COUNT_TWO(0.00)[2]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_SEVEN(0.00)[8]; FUZZY_BLOCKED(0.00)[rspamd.com]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.com:url]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; R_RATELIMIT(0.00)[to_ip_from(RLbne46a3kcd13catcztqqtt6y)]; RCVD_TLS_ALL(0.00)[] X-Spam-Score: -6.79 X-Spam-Flag: NO Add Want/After systemd-tmpfiles-setup.service. This is taken from Fedora rpcbind-0.2.4-5.fc25 patch [1] which tried to handle bug #1401561 [2] where /var/run/rpcbind.lock cannot be created due missing /var/run/ directory. But the suggestion to add RequiresMountFor=... was implemented in ee569be ("Fix boot dependency in systemd service file"). But even with RequiresMountsFor=/run/rpcbind in rpcbind.service and /run/rpcbind.lock there is error on openSUSE Tumbleweed with rpcbind 1.2.6: rpcbind.service: Failed at step NAMESPACE spawning /usr/sbin/rpcbind: Read-only file system Adding systemd-tmpfiles-setup.service fixes it. NOTE: Debian uses for this purpose remote-fs-pre.target (also works, but systemd-tmpfiles-setup.service looks to me more specific). openSUSE uses only After=sysinit.target as a result of #1117217 [3] (also works). [1] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-service.patch [2] https://bugzilla.redhat.com/show_bug.cgi?id=1401561 [3] https://bugzilla.suse.com/show_bug.cgi?id=1117217 Signed-off-by: Petr Vorel --- systemd/rpcbind.service.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemd/rpcbind.service.in b/systemd/rpcbind.service.in index 272e55a..771b944 100644 --- a/systemd/rpcbind.service.in +++ b/systemd/rpcbind.service.in @@ -7,7 +7,8 @@ RequiresMountsFor=@statedir@ # Make sure we use the IP addresses listed for # rpcbind.socket, no matter how this unit is started. Requires=rpcbind.socket -Wants=rpcbind.target +Wants=rpcbind.target systemd-tmpfiles-setup.service +After=systemd-tmpfiles-setup.service [Service] ProtectSystem=full