summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-extended
diff options
context:
space:
mode:
authorFrank Meerkoetter <meerkoetter@googlemail.com>2016-12-01 19:45:26 +0100
committerMartin Jansa <Martin.Jansa@gmail.com>2016-12-09 12:02:13 +0100
commita1bdd5f40e15312bb4891cfa2e0d67d590051d00 (patch)
tree0e9139bad837c2cab779a2088e25d62f584bfaf4 /meta-oe/recipes-extended
parent9aace0c5667ab910078cfdd1e388e386f106c074 (diff)
downloadmeta-openembedded-a1bdd5f40e15312bb4891cfa2e0d67d590051d00.tar.gz
redis: do not run as root
Running a network facing daemon written in C as root is not a good idea. Introduce a redis system user/group for that. A drawback is that now redis can no longer increase the number of open fds to 10000 (MaxClients). If this is needed the ulimit needs to be tweaked in the init script or systemd unit file. This only affects systemd based systems. Signed-off-by: Frank Meerkoetter <frank@meerkoetter.org> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe/recipes-extended')
-rw-r--r--meta-oe/recipes-extended/redis/redis/redis.service4
-rw-r--r--meta-oe/recipes-extended/redis/redis_3.0.2.bb8
2 files changed, 9 insertions, 3 deletions
diff --git a/meta-oe/recipes-extended/redis/redis/redis.service b/meta-oe/recipes-extended/redis/redis/redis.service
index e2dc6a715..577bb1421 100644
--- a/meta-oe/recipes-extended/redis/redis/redis.service
+++ b/meta-oe/recipes-extended/redis/redis/redis.service
@@ -3,8 +3,8 @@ Description=Redis In-Memory Data Store
3After=network.target 3After=network.target
4 4
5[Service] 5[Service]
6User=root 6User=redis
7Group=root 7Group=redis
8ExecStart=/usr/bin/redis-server /etc/redis/redis.conf 8ExecStart=/usr/bin/redis-server /etc/redis/redis.conf
9ExecStop=/usr/bin/redis-cli shutdown 9ExecStop=/usr/bin/redis-cli shutdown
10Restart=always 10Restart=always
diff --git a/meta-oe/recipes-extended/redis/redis_3.0.2.bb b/meta-oe/recipes-extended/redis/redis_3.0.2.bb
index 98132d798..9395b33b0 100644
--- a/meta-oe/recipes-extended/redis/redis_3.0.2.bb
+++ b/meta-oe/recipes-extended/redis/redis_3.0.2.bb
@@ -19,7 +19,12 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
19SRC_URI[md5sum] = "87be8867447f62524b584813e5a7bd14" 19SRC_URI[md5sum] = "87be8867447f62524b584813e5a7bd14"
20SRC_URI[sha256sum] = "93e422c0d584623601f89b956045be158889ebe594478a2c24e1bf218495633f" 20SRC_URI[sha256sum] = "93e422c0d584623601f89b956045be158889ebe594478a2c24e1bf218495633f"
21 21
22inherit autotools-brokensep update-rc.d systemd 22inherit autotools-brokensep update-rc.d systemd useradd
23
24USERADD_PACKAGES = "${PN}"
25USERADD_PARAM_${PN} = "--system --home-dir /var/lib/redis -g redis --shell /bin/false redis"
26GROUPADD_PARAM_${PN} = "--system redis"
27
23 28
24REDIS_ON_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}" 29REDIS_ON_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}"
25 30
@@ -31,6 +36,7 @@ do_install() {
31 install -d ${D}/${sysconfdir}/init.d 36 install -d ${D}/${sysconfdir}/init.d
32 install -m 0755 ${WORKDIR}/init-redis-server ${D}/${sysconfdir}/init.d/redis-server 37 install -m 0755 ${WORKDIR}/init-redis-server ${D}/${sysconfdir}/init.d/redis-server
33 install -d ${D}/var/lib/redis/ 38 install -d ${D}/var/lib/redis/
39 chown redis.redis ${D}/var/lib/redis/
34 40
35 install -d ${D}${systemd_system_unitdir} 41 install -d ${D}${systemd_system_unitdir}
36 install -m 0644 ${WORKDIR}/redis.service ${D}${systemd_system_unitdir} 42 install -m 0644 ${WORKDIR}/redis.service ${D}${systemd_system_unitdir}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-13 15:13:00 +0000