diff --git a/src/Daemon/main.cpp b/src/Daemon/main.cpp
index ee03dc93..2684c058 100644
--- a/src/Daemon/main.cpp
+++ b/src/Daemon/main.cpp
@@ -39,7 +39,7 @@
 #endif
 #ifndef USBGUARD_PID_FILE
- #define USBGUARD_PID_FILE "/var/run/usbguard.pid"
+ #define USBGUARD_PID_FILE "/var/run/usbguard/usbguard.pid"
 #endif
 using namespace usbguard;
diff --git a/src/Tests/LDAP/Sanity/ldap-nsswitch.sh b/src/Tests/LDAP/Sanity/ldap-nsswitch.sh
index ea5cb751..4967b2ed 100755
--- a/src/Tests/LDAP/Sanity/ldap-nsswitch.sh
+++ b/src/Tests/LDAP/Sanity/ldap-nsswitch.sh
@@ -91,7 +91,7 @@ sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
 COUNTER="0"
 declare -A BAD
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 function grep_and_fail () {
diff --git a/src/Tests/LDAP/UseCase/ldap-test-1.sh b/src/Tests/LDAP/UseCase/ldap-test-1.sh
index bf309b31..0076b45a 100755
--- a/src/Tests/LDAP/UseCase/ldap-test-1.sh
+++ b/src/Tests/LDAP/UseCase/ldap-test-1.sh
@@ -89,7 +89,7 @@ sudo -n cat "$ldap_path"
 sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 ${LDAP_UTIL} delete && true
 ${LDAP_UTIL} setup
diff --git a/src/Tests/LDAP/UseCase/ldap-test-2.sh b/src/Tests/LDAP/UseCase/ldap-test-2.sh
index bc2253e9..56aa5f39 100755
--- a/src/Tests/LDAP/UseCase/ldap-test-2.sh
+++ b/src/Tests/LDAP/UseCase/ldap-test-2.sh
@@ -89,7 +89,7 @@ sudo -n cat "$ldap_path"
 sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 ${LDAP_UTIL} delete && true
 ${LDAP_UTIL} setup
diff --git a/src/Tests/LDAP/UseCase/ldap-test-3.sh b/src/Tests/LDAP/UseCase/ldap-test-3.sh
index b6a7131c..381d1ce1 100755
--- a/src/Tests/LDAP/UseCase/ldap-test-3.sh
+++ b/src/Tests/LDAP/UseCase/ldap-test-3.sh
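Review bot: In src/Daemon/main.cpp the new default `USBGUARD_PID_FILE` sits in a subdirectory that nothing in this hunk creates, so a daemon started outside the systemd unit (another init system or a manual run) may fail to write its PID file. The unit file in this commit covers the systemd case with `RuntimeDirectory=usbguard`. The code that opens the PID file is not visible here, so whether it creates a missing parent directory should be confirmed. If it does not, the directory should be created root-owned and not group- or world-writable before the file is opened. At minimum the dependency should be documented next to the define, e.g. `/* parent dir is provided by RuntimeDirectory=usbguard in usbguard.service; other launchers must create it */`.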
@@ -89,7 +89,7 @@ sudo -n cat "$ldap_path"
 sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 ${LDAP_UTIL} delete && true
 # ${LDAP_UTIL} setup
diff --git a/src/Tests/LDAP/UseCase/ldap-test-4.sh b/src/Tests/LDAP/UseCase/ldap-test-4.sh
index 507ec6af..56129720 100755
--- a/src/Tests/LDAP/UseCase/ldap-test-4.sh
+++ b/src/Tests/LDAP/UseCase/ldap-test-4.sh
@@ -89,7 +89,7 @@ sudo -n cat "$ldap_path"
 sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 # ${LDAP_UTIL} delete && true
 # ${LDAP_UTIL} setup
diff --git a/src/Tests/LDAP/UseCase/ldap-test-5.sh b/src/Tests/LDAP/UseCase/ldap-test-5.sh
index 7dbc7f17..4eb9a8a1 100755
--- a/src/Tests/LDAP/UseCase/ldap-test-5.sh
+++ b/src/Tests/LDAP/UseCase/ldap-test-5.sh
@@ -141,7 +141,7 @@ sudo -n cat "$ldap_path"
 sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 ${LDAP_UTIL} delete && true
 ${LDAP_UTIL} setup
diff --git a/src/Tests/UseCase/004_daemonize.sh b/src/Tests/UseCase/004_daemonize.sh
index 47d4fe7f..1c820eee 100755
--- a/src/Tests/UseCase/004_daemonize.sh
+++ b/src/Tests/UseCase/004_daemonize.sh
@@ -26,7 +26,7 @@ source "${USBGUARD_TESTLIB_BASH}" || exit 129
 export USBGUARD_TESTLIB_TMPDIR="$(mktemp -d --tmpdir usbguard-test.XXXXXX)"
 export config_path="${USBGUARD_TESTLIB_TMPDIR}/daemon.conf"
-export pidfile_path="${USBGUARD_TESTLIB_TMPDIR}/usbguard.pid"
+export pidfile_path="${USBGUARD_TESTLIB_TMPDIR}/usbguard/usbguard.pid"
 export logfile="${USBGUARD_TESTLIB_TMPDIR}/daemon.log"
 function test_cli_daemonize()
diff --git a/usbguard.service.in b/usbguard.service.in
index c618618b..c083b257 100644
--- a/usbguard.service.in
+++ b/usbguard.service.in
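Review bot: In src/Tests/UseCase/004_daemonize.sh `pidfile_path` now points into `${USBGUARD_TESTLIB_TMPDIR}/usbguard/`, but the `mktemp -d` call in the same block creates only the temporary directory itself and nothing in this hunk creates the `usbguard` subdirectory. Unless the daemon or a later part of the script (outside this hunk) creates it, the daemonize test may fail when the PID file is written. Adding `mkdir -p "$(dirname "${pidfile_path}")"` before the daemon is started would make the test independent of that behaviour.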
@@ -12,7 +12,7 @@ IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
-PIDFile=/run/usbguard.pid
+PIDFile=/run/usbguard/usbguard.pid
 PrivateDevices=yes
 PrivateTmp=yes
 ProtectControlGroups=yes
@@ -20,11 +20,12 @@ ProtectHome=yes
 ProtectKernelModules=yes
 ProtectSystem=yes
 ReadOnlyPaths=-/
-ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run
+ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run/usbguard
 Restart=on-failure
 RestrictAddressFamilies=AF_UNIX AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RuntimeDirectory=usbguard
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
 Type=forking
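Review bot: The new `ReadWritePaths=` entry `-/var/run/usbguard` in the second hunk of usbguard.service.in does not match the paths used elsewhere in the unit: `PIDFile=` points at `/run/usbguard/usbguard.pid` and `RuntimeDirectory=usbguard` creates the directory under `/run`. The three agree only while `/var/run` is a symlink to `/run`. Because the entry carries the `-` prefix, a mismatch is ignored silently and would likely surface only later as a PID-file write failure under `ReadOnlyPaths=-/`. Writing the entry as `-/run/usbguard` keeps the narrowed sandbox and makes the unit self-consistent. `RuntimeDirectoryMode=` is left at its default; stating it explicitly, for example `RuntimeDirectoryMode=0755`, would document the intended permissions of the directory.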