Merge pull request #6467 from yuwata/journal-remote-units

units: use {State,Logs}Directory= if they are applicable
2017-08-09 21:09:13 +02:00 · 2017-08-09 21:09:13 +02:00 · 97f7e3663e
parent b3f5897f6e debe5d2376
commit 97f7e3663e
6 changed files with 3 additions and 26 deletions
--- a/tmpfiles.d/meson.build
+++ b/tmpfiles.d/meson.build
@ -22,7 +22,6 @@ endforeach

 m4_files = [['etc.conf',             ''],
            ['systemd.conf',         ''],
-            ['systemd-remote.conf',  'ENABLE_REMOTE'],
            ['var.conf',             ''],
           ]

--- a/tmpfiles.d/systemd-remote.conf.m4
+++ b/tmpfiles.d/systemd-remote.conf.m4
@ -1,17 +0,0 @@
-#  This file is part of systemd.
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-
-# See tmpfiles.d(5) for details
-m4_ifdef(`HAVE_LIBCURL',
-
-d /var/lib/systemd/journal-upload 0755 systemd-journal-upload systemd-journal-upload - -
-)m4_dnl
-m4_ifdef(`HAVE_MICROHTTPD',
-
-z /var/log/journal/remote 2755 systemd-journal-remote systemd-journal-remote - -
-z /run/log/journal/remote 2755 systemd-journal-remote systemd-journal-remote - -
-)m4_dnl
--- a/units/systemd-coredump@.service.in
+++ b/units/systemd-coredump@.service.in
@ -34,4 +34,4 @@ RestrictNamespaces=yes
 RestrictAddressFamilies=AF_UNIX
 SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
 SystemCallArchitectures=native
-ReadWritePaths=/var/lib/systemd/coredump
+StateDirectory=systemd/coredump
--- a/units/systemd-journal-gatewayd.service.in
+++ b/units/systemd-journal-gatewayd.service.in
@ -12,14 +12,10 @@ Requires=systemd-journal-gatewayd.socket

 [Service]
 ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
-User=systemd-journal-gateway
-Group=systemd-journal-gateway
 SupplementaryGroups=systemd-journal
 DynamicUser=yes
-PrivateTmp=yes
 PrivateDevices=yes
 PrivateNetwork=yes
-ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes
--- a/units/systemd-journal-remote.service.in
+++ b/units/systemd-journal-remote.service.in
@ -13,7 +13,6 @@ Requires=systemd-journal-remote.socket
 [Service]
 ExecStart=@rootlibexecdir@/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/
 User=systemd-journal-remote
-Group=systemd-journal-remote
 WatchdogSec=3min
 PrivateTmp=yes
 PrivateDevices=yes
@ -28,7 +27,7 @@ RestrictRealtime=yes
 RestrictNamespaces=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 SystemCallArchitectures=native
-ReadWritePaths=/var/log/journal/remote
+LogsDirectory=journal/remote

 [Install]
 Also=systemd-journal-remote.socket
--- a/units/systemd-journal-upload.service.in
+++ b/units/systemd-journal-upload.service.in
@ -28,7 +28,7 @@ RestrictRealtime=yes
 RestrictNamespaces=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 SystemCallArchitectures=native
-ReadWritePaths=/var/lib/systemd/journal-upload
+StateDirectory=systemd/journal-upload

 # If there are many split up journal files we need a lot of fds to
 # access them all and combine