From dff8815192ae84880be8ead2aac1ce475f5a464b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C2=A9TriMoon=E2=84=A2?= Date: Tue, 15 Aug 2023 18:45:32 +0300 Subject: [PATCH 1/3] Update opensnitchd.service See: #1018 --- daemon/opensnitchd.service | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/daemon/opensnitchd.service b/daemon/opensnitchd.service index 3f05fad264..e5d81439c0 100644 --- a/daemon/opensnitchd.service +++ b/daemon/opensnitchd.service @@ -1,15 +1,37 @@ [Unit] Description=Application firewall OpenSnitch -Documentation=https://github.com/evilsocket/opensnitch/wiki +Documentation=https://github.com/gustavo-iniguez-goya/opensnitch/wiki +Documentation=man:systemd.special +Documentation=man:systemd.service +Documentation=man:systemd.exec +Documentation=man:systemd.unit + +DefaultDependencies=no +Before=network-pre.target shutdown.target +Wants=network-pre.target +Conflicts=shutdown.target +# Don't start when 'no-appfw` is in kernel command-line, to allow booting without it. +ConditionKernelCommandLine=!no-appfw [Service] -Type=simple -PermissionsStartOnly=true -ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules -ExecStart=/usr/local/bin/opensnitchd -rules-path /etc/opensnitchd/rules +Type=exec +ConfigurationDirectory=%N/rules +ConfigurationDirectoryMode=0700 + +Environment='custom_cfg=%E/%N/rules' +# Environment='opts=-debug' + +ExecCondition=%N -check-requirements +ExecStart=%N -rules-path $custom_cfg $opts + +# Signal-info was taken from the init.d script, but it just exits and then systemd restarts the service... +ExecReload=kill -HUP $MAINPID Restart=always RestartSec=30 TimeoutStopSec=10 +# Ensure it is not killed by the Linux kernel's Out-Of-Memory (OOM) killer. +# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#OOMScoreAdjust= +OOMScoreAdjust=-1000 [Install] -WantedBy=multi-user.target +WantedBy=basic.target From 8545b3960c9dac55f325e0f6ce2999bab07a7bd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C2=A9TriMoon=E2=84=A2?= Date: Tue, 15 Aug 2023 19:10:27 +0300 Subject: [PATCH 2/3] Update opensnitchd.service Linkfix to wiki --- daemon/opensnitchd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/opensnitchd.service b/daemon/opensnitchd.service index e5d81439c0..eb34dc97fb 100644 --- a/daemon/opensnitchd.service +++ b/daemon/opensnitchd.service @@ -1,6 +1,6 @@ [Unit] Description=Application firewall OpenSnitch -Documentation=https://github.com/gustavo-iniguez-goya/opensnitch/wiki +Documentation=https://github.com/evilsocket/opensnitch/wiki Documentation=man:systemd.special Documentation=man:systemd.service Documentation=man:systemd.exec From 8c99b0e4fde96c0dfef88e544d6663de7cf0a832 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C2=A9TriMoon=E2=84=A2?= Date: Mon, 4 Sep 2023 11:23:22 +0300 Subject: [PATCH 3/3] Update opensnitchd.service Applied suggested changes by @lainedfles --- daemon/opensnitchd.service | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/daemon/opensnitchd.service b/daemon/opensnitchd.service index eb34dc97fb..b7d0033250 100644 --- a/daemon/opensnitchd.service +++ b/daemon/opensnitchd.service @@ -18,11 +18,11 @@ Type=exec ConfigurationDirectory=%N/rules ConfigurationDirectoryMode=0700 -Environment='custom_cfg=%E/%N/rules' -# Environment='opts=-debug' +# Add extra options to the daemon below. fe.'opts=-debug' to add the '-debug' option. +Environment='opts=' ExecCondition=%N -check-requirements -ExecStart=%N -rules-path $custom_cfg $opts +ExecStart=%N -rules-path $CONFIGURATION_DIRECTORY $opts # Signal-info was taken from the init.d script, but it just exits and then systemd restarts the service... ExecReload=kill -HUP $MAINPID