X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/dfe2dc343afd3bb48e385e935a50fff114ed36be..30ef8745d3eb17586212c0e797158ac373934b58:/cookbooks/systemd/templates/default/service.erb diff --git a/cookbooks/systemd/templates/default/service.erb b/cookbooks/systemd/templates/default/service.erb index 5f6e787e5..e64ead225 100644 --- a/cookbooks/systemd/templates/default/service.erb +++ b/cookbooks/systemd/templates/default/service.erb @@ -61,19 +61,25 @@ WorkingDirectory=<%= @working_directory %> <% if @dropin -%> ExecStartPre= <% end -%> -ExecStartPre=<%= @exec_start_pre %> +<% Array(@exec_start_pre).each do |exec_start_pre| -%> +ExecStartPre=<%= exec_start_pre %> +<% end -%> <% end -%> <% if @exec_start -%> <% if @dropin -%> ExecStart= <% end -%> -ExecStart=<%= @exec_start %> +<% Array(@exec_start).each do |exec_start| -%> +ExecStart=<%= exec_start %> +<% end -%> <% end -%> <% if @exec_start_post -%> <% if @dropin -%> ExecStartPost= <% end -%> -ExecStartPost=<%= @exec_start_post %> +<% Array(@exec_start_post).each do |exec_start_post| -%> +ExecStartPost=<%= exec_start_post %> +<% end -%> <% end -%> <% if @exec_stop -%> <% if @dropin -%> @@ -105,17 +111,17 @@ StandardOutput=<%= @standard_output %> <% if @standard_error -%> StandardError=<%= @standard_error %> <% end -%> -<% if @protect_proc -%> +<% if @protect_proc && node[:lsb][:release].to_f >= 22.04 -%> ProtectProc=<%= @protect_proc %> <% end -%> -<% if @proc_subset -%> +<% if @proc_subset && node[:lsb][:release].to_f >= 22.04 -%> ProcSubset=<%= @proc_subset %> <% end -%> <% if @no_new_privileges -%> NoNewPrivileges=<%= @no_new_privileges %> <% end -%> <% if @capability_bounding_set -%> -CapabilityBoundingSet=<%= Array(@capability_bounding_set).join(" ") %> +CapabilityBoundingSet=<%= Array(@capability_bounding_set).sort.uniq.join(" ") %> <% end -%> <% if @protect_system -%> ProtectSystem=<%= @protect_system %> @@ -124,13 +130,13 @@ ProtectSystem=<%= @protect_system %> ProtectHome=<%= @protect_home %> <% end -%> <% if @read_write_paths -%> -ReadWritePaths=<%= Array(@read_write_paths).join(" ") %> +ReadWritePaths=<%= Array(@read_write_paths).sort.uniq.join(" ") %> <% end -%> <% if @read_only_paths -%> -ReadOnlyPaths=<%= Array(@read_only_paths).join(" ") %> +ReadOnlyPaths=<%= Array(@read_only_paths).sort.uniq.join(" ") %> <% end -%> <% if @inaccessible_paths -%> -InaccessiblePaths=<%= Array(@inaccessible_paths).join(" ") %> +InaccessiblePaths=<%= Array(@inaccessible_paths).sort.uniq.join(" ") %> <% end -%> <% if @private_tmp -%> PrivateTmp=<%= @private_tmp %> @@ -141,7 +147,7 @@ PrivateDevices=<%= @private_devices %> <% if @private_network -%> PrivateNetwork=<%= @private_network %> <% end -%> -<% if @private_ipc -%> +<% if @private_ipc && node[:lsb][:release].to_f >= 22.04 -%> PrivateIPC=<%= @private_ipc %> <% end -%> <% if @private_users -%> @@ -166,10 +172,10 @@ ProtectKernelLogs=<%= @protect_kernel_logs %> ProtectControlGroups=<%= @protect_control_groups %> <% end -%> <% if @restrict_address_families -%> -RestrictAddressFamilies=<%= Array(@restrict_address_families).join(" ") %> +RestrictAddressFamilies=<%= Array(@restrict_address_families).sort.uniq.join(" ") %> <% end -%> <% if @restrict_namespaces -%> -RestrictNamespaces=<%= Array(@restrict_namespaces).join(" ") %> +RestrictNamespaces=<%= Array(@restrict_namespaces).sort.uniq.join(" ") %> <% end -%> <% if @lock_personality -%> LockPersonality=<%= @lock_personality %> @@ -190,7 +196,7 @@ RemoveIPC=<%= @remove_ipc %> SystemCallFilter=<%= Array(@system_call_filter).join(" ") %> <% end -%> <% if @system_call_architectures -%> -SystemCallArchitectures=<%= Array(@system_call_architectures).join(" ") %> +SystemCallArchitectures=<%= Array(@system_call_architectures).sort.uniq.join(" ") %> <% end -%> <% if @tasks_max -%> TasksMax=<%= @tasks_max %>