On 05.02.2015 at 22:05, Tom Rivers wrote:
> On 2/5/2015 15:58, Reindl Harald wrote:
> > why in the world does SA need portreserve?
> To be honest, I'm not sure that SA is the package that needs it. It is
> actually systemd that references it in the spamassassin.service file:
> # cat /usr/lib/systemd/system/spamassassin.service
> [Unit]
> Description=Spamassassin daemon
> After=syslog.target network.target
> [Service]
> EnvironmentFile=-/etc/sysconfig/spamassassin
> ExecStartPre=-/sbin/portrelease spamd
> ExecStart=/usr/bin/spamd $SPAMDOPTIONS
> StandardOutput=null
> StandardError=null
> Restart=always
> [Install]
> WantedBy=multi-user.target
Well, that's why the first thing after installing a service is to fork the
systemd unit in /etc/systemd/system and get rid of cruft.
[root@testserver:~]$ cat /etc/systemd/system/spamassassin.service
[Unit]
Description=Spamassassin Daemon
After=network.service systemd-networkd.service network-online.target
Before=postfix.service
[Service]
Environment="TMPDIR=/tmp"
PermissionsStartOnly=true
ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type d -exec /bin/chmod 0755 "{}" \;
ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type f -exec /bin/chmod 0644 "{}" \;
ExecStart=/usr/bin/spamd -c -H --max-children=10 --min-children=1 --min-spare=1 --max-spare=3 --port=10028
ExecReload=/usr/bin/kill -HUP $MAINPID
Environment="LANG=en_GB.UTF-8"
User=sa-milt
Group=sa-milt
Nice=15
StandardOutput=null
StandardError=null
SyslogFacility=mail
Restart=always
RestartSec=1
PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_WRITE CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE CAP_SYS_PTRACE
RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_PACKET AF_X25
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
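
An added example, not part of the original messages or of the SpamAssassin packaging: a small Python audit that reports which of the sandboxing directives used in the forked unit a given unit file sets, and flags two systemd prefixes seen in these units, the `~` deny-list form and the `-` ignore-failure form. The `HARDENING` list and the function names are assumptions chosen for illustration, and the two sample units are shortened from the files quoted above.

```python
# Added example; both units are constructed excerpts of the files quoted above.
HARDENING = ("User", "PrivateTmp", "PrivateDevices", "NoNewPrivileges",
             "CapabilityBoundingSet", "RestrictAddressFamilies", "ReadOnlyDirectories")

def parse_service(text):
    """Return {directive: [values]} for [Service]; repeated keys accumulate."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            out.setdefault(key.strip(), []).append(value.strip())
    return out

def audit(text):
    svc = parse_service(text)
    return {
        "missing": [d for d in HARDENING if d not in svc],
        # A leading "~" inverts the list: anything not named stays allowed.
        "denylist": [k for k in ("CapabilityBoundingSet", "RestrictAddressFamilies")
                     if any(v.startswith("~") for v in svc.get(k, []))],
        # A leading "-" on a command tells systemd to ignore its failure.
        "ignored_failures": [v for k in ("ExecStartPre", "ExecStart", "ExecStartPost")
                             for v in svc.get(k, []) if v.startswith("-")],
    }

VENDOR_UNIT = """[Service]
EnvironmentFile=-/etc/sysconfig/spamassassin
ExecStartPre=-/sbin/portrelease spamd
ExecStart=/usr/bin/spamd $SPAMDOPTIONS
"""
FORKED_UNIT = """[Service]
User=sa-milt
PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_WRITE CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE CAP_SYS_PTRACE
RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_PACKET AF_X25
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
"""

if __name__ == "__main__":
    for name, unit in (("vendor", VENDOR_UNIT), ("forked", FORKED_UNIT)):
        print(name, audit(unit))
```

The `denylist` finding is informational: with the `~` form, capabilities and address families that are not named remain available to the service.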