The caRepeater.service currently included in Base is in need of improvement.
eg. to not run as root.
https://github.com/epics-base/epics-base/blob/b777233efb06fa4e988c4f0738b0270dd3d095a3/modules/ca/src/client/caRepeater.service%40#L1
Has anyone gone through the exercise of producing a unit file which restricts caRepeater?
Maybe with PrivateUsers=true to avoid manually allocating a username,
and/or some restrictions on filesystem access?
Ideally a unit file in Base would work back to systemd 219 (circa rhel/centos7)
without modification. Although this doesn't seem like a hard requirement to me.
It seems reasonable to have some comments describing any edits needed with older systemd.
- Replies:
- Re: caRepeater w/ systemd? Johnson, Andrew N. via Tech-talk
- Navigate by Date:
- Prev:
Re: SNMP in EPICS Tomasz Brys via Tech-talk
- Next:
using autosave, iocInit hangs junkes via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
<2021>
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: SNMP in EPICS Dunning, Michael via Tech-talk
- Next:
Re: caRepeater w/ systemd? Johnson, Andrew N. via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
<2021>
2022
2023
2024
|