From bd5e09bad2b0ac8a7ca78f45d90c8ebb903efaa3 Mon Sep 17 00:00:00 2001 From: Fabiano Fidêncio Date: Mon, 6 Feb 2017 19:05:29 +0100 Subject: SYSTEMD: Avoid starting a responder socket in case SSSD is not started MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As systemd adds "Before=sockets.target" to any socket unit by default, during the startup of the system we can end up having a responder socket up, being contacted while SSSD is shutdown. By using "DefaultDependencies=no" we ensure that sockets.target won't trigger the sockets' startup and that it only will be done when SSSD is up. The downside of using "DefaultDependencies=no" is that we have to deal with conflicts and add "Conflicts=shutdown.target" to each of the sockets unit. This patch has been suggested by Lukáš Nykrýn. Related: https://pagure.io/SSSD/sssd/issue/3298 Signed-off-by: Fabiano Fidêncio Reviewed-by: Jakub Hrozek Reviewed-by: Lukáš Slebodník --- src/sysv/systemd/sssd-autofs.socket.in | 2 ++ src/sysv/systemd/sssd-nss.socket.in | 2 ++ src/sysv/systemd/sssd-pac.socket.in | 2 ++ src/sysv/systemd/sssd-pam-priv.socket.in | 2 ++ src/sysv/systemd/sssd-pam.socket.in | 2 ++ src/sysv/systemd/sssd-ssh.socket.in | 2 ++ src/sysv/systemd/sssd-sudo.socket.in | 2 ++ 7 files changed, 14 insertions(+) diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in index 1665ed22c..48b651f9d 100644 --- a/src/sysv/systemd/sssd-autofs.socket.in +++ b/src/sysv/systemd/sssd-autofs.socket.in @@ -3,6 +3,8 @@ Description=SSSD AutoFS Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/autofs diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in index 8228647df..d0af6b03f 100644 --- a/src/sysv/systemd/sssd-nss.socket.in +++ b/src/sysv/systemd/sssd-nss.socket.in @@ -3,6 +3,8 @@ Description=SSSD NSS Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/nss diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in index e17879aa6..fc778243e 100644 --- a/src/sysv/systemd/sssd-pac.socket.in +++ b/src/sysv/systemd/sssd-pac.socket.in @@ -3,6 +3,8 @@ Description=SSSD PAC Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/pac diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in index d06fbc3b3..490fd0dd1 100644 --- a/src/sysv/systemd/sssd-pam-priv.socket.in +++ b/src/sysv/systemd/sssd-pam-priv.socket.in @@ -4,6 +4,8 @@ Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service BindsTo=sssd-pam.socket +DefaultDependencies=no +Conflicts=shutdown.target [Socket] Service=sssd-pam.service diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in index cc731599d..d278bcc2f 100644 --- a/src/sysv/systemd/sssd-pam.socket.in +++ b/src/sysv/systemd/sssd-pam.socket.in @@ -4,6 +4,8 @@ Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service BindsTo=sssd-pam-priv.socket +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/pam diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in index 3b8f65bc6..727b6c478 100644 --- a/src/sysv/systemd/sssd-ssh.socket.in +++ b/src/sysv/systemd/sssd-ssh.socket.in @@ -3,6 +3,8 @@ Description=SSSD SSH Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/ssh diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in index 346df6e47..359f6f2cc 100644 --- a/src/sysv/systemd/sssd-sudo.socket.in +++ b/src/sysv/systemd/sssd-sudo.socket.in @@ -3,6 +3,8 @@ Description=SSSD Sudo Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/sudo -- cgit