[systemd-devel] [PATCH] build: change tcpwrappers support to disabled by default
Lennart Poettering
lennart at poettering.net
Tue Apr 22 22:05:36 PDT 2014
On Tue, 25.03.14 19:11, Michael Biebl (mbiebl at gmail.com) wrote:
>
> 2014-03-20 20:29 GMT+01:00 Lennart Poettering <lennart at poettering.net>:
> >
> > TO figure out what we can do in Fedora I have now started a discussion
> > on fedora-devel, about getting rid of tcpwrap system-wide. Let's see
> > where this goes. Would be interested in feedback about this from other
> > distros too.
>
> I don't really have an opinion on this, just wanted to share that on
> Debian apparently there is no unit file using TCPWrapName [0] so it's
> probably not going to be a big deal for us.
>
> That said, you mentioned that packages still can utilise tcpd. How
> exactly would that work for a socket-activated service?
If you have a socket service for a binary /usr/bin/foobard, then simply use:
ExecStart=@/usr/sbin/tcpd /usr/bin/foobard
This is pretty much identical to how you would plug tcpd into inetd. The
"@" is required to tell systemd that the second string passed shall
actually be set as argv[0], which is the moronic way how tcpd expects
the binary to invoke to be told.
See tcpd(8) for details.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list