Mercurial > prosody-modules
annotate misc/systemd/prosody.service @ 4651:8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
The `body:sub()` call risks splitting the string in the middle of a
multi-byte UTF-8 sequence. This should have been caught by util.stanza
validation, but that would have caused some havoc, at the very least causing
the notification to not be sent.
There have been no reports of this happening. Likely because this module
isn't widely deployed among users with languages that use many longer UTF-8
sequences.
The util.encodings.utf8.valid() function is O(n) where only the last
sequence really needs to be checked, but it's in C and expected to be fast.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 22 Aug 2021 13:22:59 +0200 |
| parents | f8ecb4b248b0 |
| children | bf5370a40a15 |
| rev | line source |
|---|---|
|
2351
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 [Unit] |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 ### see man systemd.unit |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 Description=Prosody XMPP Server |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 Documentation=https://prosody.im/doc |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 [Service] |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 ### See man systemd.service ### |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 # With this configuration, systemd takes care of daemonization |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 # so Prosody should be configured with daemonize = false |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 Type=simple |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 # Not sure if this is needed for 'simple' |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 PIDFile=/var/run/prosody/prosody.pid |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 # Start by executing the main executable |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 ExecStart=/usr/bin/prosody |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 ExecReload=/bin/kill -HUP $MAINPID |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 # Restart on crashes |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 Restart=on-abnormal |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 # Set O_NONBLOCK flag on sockets passed via socket activation |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 NonBlocking=true |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 ### See man systemd.exec ### |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 WorkingDirectory=/var/lib/prosody |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 User=prosody |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 Group=prosody |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 Umask=0027 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 # Nice=0 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 # Set stdin to /dev/null since Prosody does not need it |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 StandardInput=null |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 # Direct stdout/-err to journald for use with log = "*stdout" |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 StandardOutput=journal |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 StandardError=inherit |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 # This usually defaults to 4k or so |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 # LimitNOFILE=1M |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 ## Interesting protection methods |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 # Finding a useful combo of these settings would be nice |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 # |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 # Needs read access to /etc/prosody for config |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 # Needs write access to /var/lib/prosody for storing data (for internal storage) |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 # Needs write access to /var/log/prosody for writing logs (depending on config) |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 # Needs read access to code and libraries loaded |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 # ReadWriteDirectories=/var/lib/prosody /var/log/prosody |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 # InaccessibleDirectories=/boot /home /media /mnt /root /srv |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 # ReadOnlyDirectories=/usr /etc/prosody |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 # PrivateTmp=true |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 # PrivateDevices=true |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 # PrivateNetwork=false |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 # ProtectSystem=full |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 # ProtectHome=true |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 # ProtectKernelTunables=true |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 # ProtectControlGroups=true |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 # SystemCallFilter= |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 # This should break LuaJIT |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 # MemoryDenyWriteExecute=true |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 |
|
f8ecb4b248b0
misc: An experimental systemd service file
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 |