summaryrefslogtreecommitdiffstats
path: root/distro/common/systemd/drop-in/systemd-compat.conf
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--distro/common/systemd/drop-in/systemd-compat.conf17
1 files changed, 17 insertions, 0 deletions
diff --git a/distro/common/systemd/drop-in/systemd-compat.conf b/distro/common/systemd/drop-in/systemd-compat.conf
new file mode 100644
index 0000000..d251c41
--- /dev/null
+++ b/distro/common/systemd/drop-in/systemd-compat.conf
@@ -0,0 +1,17 @@
+# /usr/lib/systemd/system/kresd@.service.d/override.conf
+
+# If systemd.227+ isn't available (e.g. CentOS 7), socket activation can't be used
+# and the following modifications are required to use the service with
+# manual activation.
+
+# CAP_NET_BIND_SERVICE is necessary to be able to bind to a well-known port
+# as an unprivilidged user.
+
+# Explicit --forks=1 turns off interactive mode.
+
+[Service]
+Type=simple
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+ExecStart=
+ExecStart=/usr/sbin/kresd --config=/etc/knot-resolver/kresd.conf --forks=1
+Sockets=