Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

systemd: use Type=simple and no fork to avoid PIDFile race #146

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

systemd: use Type=simple and no fork to avoid PIDFile race #146

wants to merge 2 commits into from

Conversation

mdomsch
Copy link

@mdomsch mdomsch commented Feb 24, 2022

@ghen2
Copy link

ghen2 commented Feb 24, 2022

This just stretches the race condition a little bit.

A better solution is to just drop the PIDFile line and let systemd manage the opendkim process directly (systemd recommends this way of operating).

For example on Arch Linux it's done this way: https://github.com/archlinux/svntogit-community/blob/packages/opendkim/trunk/opendkim.service

@mdomsch
Copy link
Author

mdomsch commented Feb 24, 2022

@ghen2 fair play. We can instead use type=simple and opendkim -f so it doesn't fork. Then we don't care about the PIDFIle at all either.

@mdomsch mdomsch changed the title Make systemd delay a second before checking for the PID file. systemd: use Type=simple and no fork to avoid PIDFile race Feb 24, 2022
@mdomsch
systemd: add Restart=on-abnormal
3e7fbed 
This is a long-running process that once started by systemd should
stay running forever. In the event of a fatal error and unclean exit,
we want systemd to restart the program. We use on-abnormal because
there are valid nonzero exit codes (EX_USAGE, EX_OSERR) which the
program can properly return indicating a configuration or command line
error, or inability to allocate memory early on. In these events,
restarting would be inappropriate, but on-failure would try anyhow.
@Tachi107
Copy link

Looks good!

I have submitted a similar patch to Debian, that also enables various hardening options: https://salsa.debian.org/debian/opendkim/-/merge_requests/3

I'll open a PR here too.

@Tachi107 Tachi107 mentioned this pull request Jun 20, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ghen2 ghen2 ghen2 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mdomsch @ghen2 @Tachi107