From 627f7076b0e0ba407929a0dee8fcaca2069be9cb Mon Sep 17 00:00:00 2001
From: kytv
Date: Sun, 14 Jun 2015 20:16:16 +0000
Subject: [PATCH] debian: Add support for setting open file limits to initscript, add comment to explain how to do it with systemd
---
 debian/i2p.init | 11 ++++++++++-
 debian/i2p.postinst | 33 +++++++++++++++++----------------
 debian/i2p.service | 28 +++++++++++++++++++++++++---
 3 files changed, 52 insertions(+), 20 deletions(-)
diff --git a/debian/i2p.init b/debian/i2p.init
index eac736f702..3b61904de0 100755
--- a/debian/i2p.init
+++ b/debian/i2p.init
@@ -32,7 +32,6 @@ WRAPPERLOG="/var/log/i2p/wrapper.log"
 RUN_DAEMON="False"
 NICE=0
 I2PUSER="i2psvc"
-USE_AA="yes"
 I2P_ARGS="/etc/i2p/wrapper.config \
 wrapper.java.additional.1=-DloggerFilenameOverride=/var/log/i2p/log-router-@.txt \
@@ -67,6 +66,15 @@ if [ -z "$RUN_DAEMON" ]; then
 exit 1
 fi
+case "$CONFINE_WITH_APPARMOR" in
+ [NnFf]*)
+ USE_AA="no"
+ ;;
+ *)
+ USE_AA="yes"
+ ;;
+esac
+
 case "$RUN_DAEMON" in
 [NnFf]*)
 log_action_msg "$DESC daemon disabled in /etc/default/$NAME".
@@ -83,6 +91,7 @@ esac
 do_start() {
+ [ ! -z $ULIMIT ] && ulimit -n $ULIMIT
 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null 2>&1 \
 || return 1
 [ -d $RUN ] || mkdir $RUN > /dev/null 2>&1
diff --git a/debian/i2p.postinst b/debian/i2p.postinst
index 3289267040..d612902ba3 100755
--- a/debian/i2p.postinst
+++ b/debian/i2p.postinst
@@ -6,7 +6,7 @@ I2PHOME=/var/lib/i2p
 I2PSYSUSER=i2psvc
 conffile="/etc/default/i2p"
-#systemdservice="/lib/systemd/system/i2p.service"
+systemdservice="/lib/systemd/system/i2p.service"
 # Source debconf library -- we have a Depends line
 # to make sure it is there...
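Review bot: The new `case "$CONFINE_WITH_APPARMOR"` block assigns `USE_AA` unconditionally, and the hard-coded `USE_AA="yes"` default is dropped in the same commit, so a `USE_AA` value an administrator may have put in /etc/default/$NAME no longer has any effect (assuming that file is sourced above this hunk, which is not visible here). Only values beginning with N, n, F or f turn confinement off; anything else, including an empty value, `0` or `off`, leaves it on. That fail-closed default is the right one, but it should be written down, with a comment above the block such as `# AppArmor confinement stays on unless CONFINE_WITH_APPARMOR starts with n/N/f/F; USE_AA is derived here and must not be set by hand`.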
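Review bot: `$ULIMIT` is expanded unquoted in the line added to do_start(), so a value containing whitespace or glob characters makes `[` fail with a syntax error, and the empty case only works because `[ ! -z ]` happens to evaluate to false. A failing `ulimit -n` (for example a value above the hard limit, or a non-numeric one) is also ignored, so the daemon starts with the old descriptor limit and nothing is logged. Quote the expansion and report the failure: `[ -z "$ULIMIT" ] || ulimit -n "$ULIMIT" || log_warning_msg "could not set open file limit to $ULIMIT"`. The rest of do_start() lies outside the hunk.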
@@ -25,6 +25,7 @@ case "$1" in
 echo >> $conffile
 echo "RUN_DAEMON=" >> $conffile
 echo "I2PUSER=" >> $conffile
+ echo "ULIMIT=" >> $conffile
 echo "CONFINE_WITH_APPARMOR=" >> $conffile
 echo "# The next value is also wrapper.java.maxmemory in /etc/i2p/wrapper.config" >> $conffile
 echo "MEMORYLIMIT=" >> $conffile
@@ -49,6 +50,8 @@ case "$1" in
 echo "I2PUSER=" >> $conffile
 test -z "$MEMORYLIMIT" || grep -Eq '^ *MEMORYLIMIT=' $conffile || \
 echo "MEMORYLIMIT=" >> $conffile
+ test -z "$ULIMIT" || grep -Eq '^ *ULIMIT=' $conffile || \
+ echo "ULIMIT=" >> $conffile
 test -z "$CONFINE_WITH_APPARMOR" || grep -Eq '^ *CONFINE_WITH_APPARMOR=' $conffile || \
 echo "CONFINE_WITH_APPARMOR=" >> $conffile
@@ -57,8 +60,6 @@ case "$1" in
 I2PUSER="i2psvc"
 fi
-
-
 sed -e "s/^ *RUN_DAEMON=.*/RUN_DAEMON=\"$RUN_DAEMON\"/" \
 -e "s/^ *I2PUSER=.*/I2PUSER=\"$I2PUSER\"/" \
 -e "s/^ *MEMORYLIMIT=.*/MEMORYLIMIT=\"$MEMORYLIMIT\"/" \
@@ -66,19 +67,19 @@ case "$1" in
 < $conffile > $conffile.tmp
 mv -f $conffile.tmp $conffile
-# if [ -e "$systemdservice" ]; then
-# sed -e "s/User=.*/User=$I2PUSER/" < "$systemdservice" > "$systemdservice.tmp"
-# mv -f "$systemdservice.tmp" "$systemdservice"
-# chmod 0644 -f "$systemdservice"
-# if grep -q 'systemd' /proc/1/comm > /dev/null 2>&1; then
-# systemctl --system daemon-reload
-# if [ $RUN_DAEMON = 'true' ]; then
-# systemctl enable i2p.service
-# else
-# systemctl disable i2p.service
-# fi
-# fi
-# fi
+ if [ -e "$systemdservice" ]; then
+ sed -e "s/User=.*/User=$I2PUSER/" < "$systemdservice" > "$systemdservice.tmp"
+ mv -f "$systemdservice.tmp" "$systemdservice"
+ chmod 0644 -f "$systemdservice"
+ if grep -q 'systemd' /proc/1/comm > /dev/null 2>&1; then
+ systemctl --system daemon-reload
+ if [ $RUN_DAEMON = 'true' ]; then
+ systemctl enable i2p.service
+ else
+ systemctl disable i2p.service
+ fi
+ fi
+ fi
 sed -e "s/^ *wrapper\.java\.maxmemory=.*/wrapper\.java\.maxmemory=$MEMORYLIMIT/" \
 < /etc/i2p/wrapper.config > /etc/i2p/wrapper.config.tmp
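Review bot: The added `test -z "$ULIMIT" || grep -Eq '^ *ULIMIT=' $conffile || echo "ULIMIT=" >> $conffile` appends an empty `ULIMIT=` whenever the variable is set but the existing line does not match the pattern, for instance when it is indented with a tab or written as `export ULIMIT=...`. No ULIMIT expression appears among the visible `sed` expressions in the next hunk (one expression line falls between the hunks and is not shown), so the appended empty assignment would come last in the file and, once sourced, clear the administrator's value. Either add `-e "s/^ *ULIMIT=.*/ULIMIT=\"$ULIMIT\"/" \` to that `sed` call next to the MEMORYLIMIT expression, or widen the pattern to `'^[[:space:]]*(export[[:space:]]+)?ULIMIT='`. The enclosing `case "$1" in` arm starts and ends outside the hunk.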
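Review bot: In the re-enabled block, `sed -e "s/User=.*/User=$I2PUSER/"` is unanchored and interpolates `$I2PUSER` without validation, so any line that merely contains `User=` is rewritten, and a value containing `/`, `&` or a newline changes or breaks the expression that decides which account the router runs as. Anchor it and check the name first, for example `sed -e "s/^User=.*/User=$I2PUSER/"` after rejecting values that do not match `^[a-z_][a-z0-9_-]*$`. `[ $RUN_DAEMON = 'true' ]` is unquoted as well; an empty value makes `[` error out and the `else` branch then disables the service, so write `[ "$RUN_DAEMON" = 'true' ]`. The block also edits the packaged unit under /lib/systemd/system in place, which the header comment added to debian/i2p.service in this same commit advises against; a drop-in under /etc/systemd/system/i2p.service.d/ carrying `User=` would survive upgrades and leave the shipped file intact.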
diff --git a/debian/i2p.service b/debian/i2p.service
index 6a4c8d3b40..4199e99108 100644
--- a/debian/i2p.service
+++ b/debian/i2p.service
@@ -1,10 +1,31 @@
+# It's not recommended to modify this file because it will be
+# overwritten during package upgrades. If you want to make changes, the
+# best way is to create a file "/etc/systemd/system/i2p.service.d/foo.conf"
+# and make your changes there. This file will be parsed after the file
+# i2p.service itself is parsed.
+#
+# For more info about custom unit files, see systemd.unit(5) or
+# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
+
+# For example, if you want to increase I2P's open-files-limit to 10000,
+# you need to increase systemd's LimitNOFILE setting, so create a file named
+# "/etc/systemd/system/i2p.service.d/limits.conf" containing:
+# [Service]
+# LimitNOFILE=10000
+
+# Don't forget to reload systemd daemon after you change unit configuration:
+# root> systemctl --system daemon-reload
+
 [Unit]
 Description=load-balanced unspoofable packet switching network
-After=network.target
+After=local-fs.target network.target time-sync.target
 [Service]
 Type=forking
 EnvironmentFile=/etc/default/i2p
+RuntimeDirectory=i2p
+RuntimeDirectoryMode=750
+PIDFile=/run/i2p/i2p.pid
 Environment="I2P_ARGS=/etc/i2p/wrapper.config \
 wrapper.java.additional.1=-DloggerFilenameOverride=/var/log/i2p/log-router-@.txt \
 wrapper.java.additional.10=-Dwrapper.logfile=/var/log/i2p/wrapper.log \
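Review bot: The header comment explains `LimitNOFILE=` but does not say that the `ULIMIT` value this commit adds to /etc/default/i2p has no effect under systemd: the unit reads that file through `EnvironmentFile=`, yet nothing in the visible unit turns `ULIMIT` into a resource limit. An administrator who sets it there and runs under systemd gets no error and no higher limit. Add a line to the comment block after the example, such as `# Note: ULIMIT in /etc/default/i2p is only used by the SysV init script; under systemd use a LimitNOFILE= drop-in instead.`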
@@ -16,11 +37,12 @@ Environment="I2P_ARGS=/etc/i2p/wrapper.config \
 wrapper.daemonize=TRUE" TZ=UTC
 User=i2psvc
 PermissionsStartOnly=true
-ExecStartPre=/bin/mkdir -p /run/i2p /tmp/i2p-daemon
+AppArmorProfile=system_i2p
+ExecStartPre=/bin/mkdir -p /tmp/i2p-daemon
 ExecStartPre=/bin/chown -R ${I2PUSER}:${I2PUSER} /var/log/i2p /run/i2p /tmp/i2p-daemon
 ExecStartPre=/bin/chmod 750 /var/log/i2p
 ExecStart=/usr/sbin/wrapper "$I2P_ARGS"
-ExecStopPost=/bin/rm -rf /run/i2p /tmp/i2p-daemon
+ExecStopPost=/bin/rm -rf /run/i2p
 [Install]
 WantedBy=multi-user.target
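Review bot: `ExecStartPre=/bin/mkdir -p /tmp/i2p-daemon` still creates the working directory at a fixed name under world-writable /tmp, and with `PermissionsStartOnly=true` both it and the following `chown -R` run as root. `mkdir -p` succeeds when the path already exists, so if another local account created it first the recursive chown is applied to whatever is there; and because this commit drops /tmp/i2p-daemon from `ExecStopPost`, the directory now stays behind between runs. /run/i2p was moved to `RuntimeDirectory=` in this same change, and the temporary directory deserves the same treatment: point the wrapper at a directory under /run/i2p, or add `PrivateTmp=true` after confirming that the `ExecStartPre` commands run inside the same private /tmp. Separately, `AppArmorProfile=system_i2p` is unconditional whereas the init script honours `CONFINE_WITH_APPARMOR`; a comment stating that the setting does not apply to the systemd unit would prevent surprises.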