From 26636a5519802fe9cf0b76725af763f1c0025e98 Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Sat, 19 Jul 2025 12:07:05 +0300 Subject: [PATCH] socket.d: introduce {freebind,upheld}.conf --- etc/systemd/system/socket.d/freebind.conf | 2 ++ etc/systemd/system/socket.d/upheld.conf | 3 +++ install | 9 +++++---- 3 files changed, 10 insertions(+), 4 deletions(-) create mode 100644 etc/systemd/system/socket.d/freebind.conf create mode 100644 etc/systemd/system/socket.d/upheld.conf diff --git a/etc/systemd/system/socket.d/freebind.conf b/etc/systemd/system/socket.d/freebind.conf new file mode 100644 index 00000000..12987374 --- /dev/null +++ b/etc/systemd/system/socket.d/freebind.conf @@ -0,0 +1,2 @@ +[Socket] +FreeBind=true diff --git a/etc/systemd/system/socket.d/upheld.conf b/etc/systemd/system/socket.d/upheld.conf new file mode 100644 index 00000000..14be782c --- /dev/null +++ b/etc/systemd/system/socket.d/upheld.conf @@ -0,0 +1,3 @@ +# https://github.com/systemd/systemd/issues/11553#issuecomment-1700933643 +[Install] +UpheldBy=sockets.target diff --git a/install b/install index bda70b95..661f969a 100755 --- a/install +++ b/install @@ -174,7 +174,7 @@ if [ "$(id -u)" == "0" ]; then mkdir -vp /etc/systemd/system/{ssh,sshd,oidentd}.socket.d/ # SECURITY WARNING! cp -v etc/systemd/system/service.d/rngd-wanted.conf /etc/systemd/system/service.d/ - cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/socket.d/ + cp -v etc/systemd/system/socket.d/{dualstack-bind,freebind,upheld}.conf /etc/systemd/system/socket.d/ # SECURITY WARNING! cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/ssh.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/sshd.service.d/ @@ -187,9 +187,10 @@ if [ "$(id -u)" == "0" ]; then cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/unbound.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/tor.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/yggdrasil.service.d/ - cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/ssh.socket.d/ - cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/sshd.socket.d/ - cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/oidentd.socket.d/ + #cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/ssh.socket.d/ + #cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/sshd.socket.d/ + #cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/oidentd.socket.d/ + rm -v /etc/systemd/system/*.socket.d/dualstack-bind.conf if hash systemctl 2> /dev/null; then systemctl daemon-reload