Fix LXC deploy: absolute paths + systemd section for StartLimit
CI / Lint + build + test (push) Failing after 5m17s
CI / Lint + build + test (push) Failing after 5m17s
Service was crashing on every boot because vetting.example.yaml uses ./var/... relative paths that resolve to / under ProtectSystem=strict. Ship a separate vetting.production.yaml with absolute /var/lib/vetting + /var/log/vetting paths that match the unit's ReadWritePaths, and have install.sh copy that one. Also move StartLimit* keys into [Unit] to silence the 'Unknown key' warning on modern systemd.
This commit is contained in:
+4
-1
@@ -110,9 +110,12 @@ if [[ -n "${GEN_PW}" ]]; then
|
||||
fi
|
||||
|
||||
echo "==> installing config and systemd unit"
|
||||
# vetting.production.yaml uses absolute /var/lib/vetting + /var/log/vetting
|
||||
# paths that match the systemd unit's ReadWritePaths. vetting.example.yaml
|
||||
# uses ./var/... relatives and is only correct for `make run` in a dev tree.
|
||||
if [[ ! -f "${CONFIG_DIR}/vetting.yaml" ]]; then
|
||||
install -m 0640 -o root -g "${SERVICE_USER}" \
|
||||
"${SCRIPT_DIR}/vetting.example.yaml" \
|
||||
"${SCRIPT_DIR}/vetting.production.yaml" \
|
||||
"${CONFIG_DIR}/vetting.yaml"
|
||||
echo " -> installed default config at ${CONFIG_DIR}/vetting.yaml"
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user