From: Tollef Fog Heen <tfheen@err.no>
Date: Sat, 30 Sep 2017 19:44:15 +0000 (+0200)
Subject: DynamicUser and python don't mix, apply by hand instead
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=5c905360373d259a25c0e14e669d2d2f0843c78e;p=mirror%2Fdsa-puppet.git

DynamicUser and python don't mix, apply by hand instead

It seems like importing site fails for python with a dynamic user, so
set the same settings and run as nobody instead.
---

diff --git a/modules/roles/templates/mirror-health.service.erb b/modules/roles/templates/mirror-health.service.erb
index 6158951bf..badcd33dc 100644
--- a/modules/roles/templates/mirror-health.service.erb
+++ b/modules/roles/templates/mirror-health.service.erb
@@ -9,7 +9,11 @@ Description=Mirror health checking <%= @healthcheck_service %>
 [Service]
 ExecStart=/usr/local/sbin/mirror-health
 RuntimeDirectory=dsa-mirror-health-<%= @healthcheck_service %>
-DynamicUser=true
+ProtectSystem=full
+ProtectHome=read-only
+PrivateTmp=true
+User=nobody
+Group=nogroup
 
 Environment="MIRROR_CHECK_SERVICE=<%= @check_service %>"
 Environment="MIRROR_CHECK_URL=<%= @url %>"