SYSTEMD: Avoid starting a responder socket in case SSSD is not started

As systemd adds "Before=sockets.target" to any socket unit by default,
during the startup of the system we can end up having a responder socket
up, being contacted while SSSD is shutdown.

By using "DefaultDependencies=no" we ensure that sockets.target won't
trigger the sockets' startup and that it only will be done when SSSD is
up. The downside of using "DefaultDependencies=no" is that we have to
deal with conflicts and add "Conflicts=shutdown.target" to each of the
sockets unit.

This patch has been suggested by Lukáš Nykrýn.

Related:
https://pagure.io/SSSD/sssd/issue/3298

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

7 files changed, 14 insertions, 0 deletions

diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in
index 1665ed22c..48b651f9d 100644
--- a/src/sysv/systemd/sssd-autofs.socket.in
+++ b/src/sysv/systemd/sssd-autofs.socket.in
@@ -3,6 +3,8 @@ Description=SSSD AutoFS Service responder socket
 Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
 
 [Socket]
 ListenStream=@pipepath@/autofs
diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in
index 8228647df..d0af6b03f 100644
--- a/src/sysv/systemd/sssd-nss.socket.in
+++ b/src/sysv/systemd/sssd-nss.socket.in
@@ -3,6 +3,8 @@ Description=SSSD NSS Service responder socket
 Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
 
 [Socket]
 ListenStream=@pipepath@/nss
diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in
index e17879aa6..fc778243e 100644
--- a/src/sysv/systemd/sssd-pac.socket.in
+++ b/src/sysv/systemd/sssd-pac.socket.in
@@ -3,6 +3,8 @@ Description=SSSD PAC Service responder socket
 Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
 
 [Socket]
 ListenStream=@pipepath@/pac
diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in
index d06fbc3b3..490fd0dd1 100644
--- a/src/sysv/systemd/sssd-pam-priv.socket.in
+++ b/src/sysv/systemd/sssd-pam-priv.socket.in
@@ -4,6 +4,8 @@ Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
 BindsTo=sssd-pam.socket
+DefaultDependencies=no
+Conflicts=shutdown.target
 
 [Socket]
 Service=sssd-pam.service
diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in
index cc731599d..d278bcc2f 100644
--- a/src/sysv/systemd/sssd-pam.socket.in
+++ b/src/sysv/systemd/sssd-pam.socket.in
@@ -4,6 +4,8 @@ Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
 BindsTo=sssd-pam-priv.socket
+DefaultDependencies=no
+Conflicts=shutdown.target
 
 [Socket]
 ListenStream=@pipepath@/pam
diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in
index 3b8f65bc6..727b6c478 100644
--- a/src/sysv/systemd/sssd-ssh.socket.in
+++ b/src/sysv/systemd/sssd-ssh.socket.in
@@ -3,6 +3,8 @@ Description=SSSD SSH Service responder socket
 Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
 
 [Socket]
 ListenStream=@pipepath@/ssh
diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in
index 346df6e47..359f6f2cc 100644
--- a/src/sysv/systemd/sssd-sudo.socket.in
+++ b/src/sysv/systemd/sssd-sudo.socket.in
@@ -3,6 +3,8 @@ Description=SSSD Sudo Service responder socket
 Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
 
 [Socket]
 ListenStream=@pipepath@/sudo