The init script was starting coredns as root, in which case cap_net_bind_service is not used. With this script, coredns starts as an unprivileged user and uses the capability to bind to a privileged port.
#!/sbin/openrc-run
# Copyright 2017-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
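# One-line summary of the service.
description="CoreDNS service"
# Keep a pidfile value that is already set; otherwise default to /run.
pidfile="${pidfile:-"/run/${SVCNAME}.pid"}"
# Run the daemon under a dedicated unprivileged account instead of root.
command_user="coredns"

# supervise-daemon supervises the foreground process and respawns it.
supervisor="supervise-daemon"
command="/usr/bin/coredns"
# COREDNS_CONFIG and the extra-args variable are not assigned in this file;
# presumably they come from the service's conf.d file -- confirm there.
# The correctly spelled COREDNS_EXTRA_ARGS is preferred. The historical
# misspelling CORENDS_EXTRA_ARGS is kept as a fallback so that existing
# configuration using it continues to work.
# NOTE(review): an unset COREDNS_CONFIG leaves "-conf" without a value.
command_args="-conf ${COREDNS_CONFIG} ${COREDNS_EXTRA_ARGS:-${CORENDS_EXTRA_ARGS}}"
# The "^" prefix asks for cap_net_bind_service as an ambient capability, so
# the non-root command_user keeps it across exec and can bind ports < 1024.
# This is the only capability granted; do not widen it without a reason.
capabilities="^cap_net_bind_service"

# stdout and stderr are both sent to the same per-service log file.
# NOTE(review): supervisor is supervise-daemon; confirm that the installed
# OpenRC passes start_stop_daemon_args through to it. output_log/error_log
# are the supervisor-neutral variables for the same purpose.
start_stop_daemon_args="--stdout /var/log/${SVCNAME}/${SVCNAME}.log \
	--stderr /var/log/${SVCNAME}/${SVCNAME}.log"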
# Declare this service's ordering relative to other OpenRC services.
depend() {
	# Ordering only: start after "net" when it is part of the same run.
	after net
}
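# Prepare the runtime and log directories before the daemon starts.
# Globals:   command_user (read), RC_SVCNAME (read)
# Returns:   the exit status of checkpath
start_pre() {
	# The daemon runs as command_user, so it must own the directory that
	# receives its log file. Expansions are quoted so that an unusual service
	# or user name cannot be word-split or glob-expanded into extra arguments.
	# NOTE(review): 0775 leaves both directories group-writable; a tighter
	# mode may be enough if nothing else in the group writes here -- confirm.
	checkpath --directory --owner "${command_user}:${command_user}" --mode 0775 \
		"/run/${RC_SVCNAME}" "/var/log/${RC_SVCNAME}"
}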
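# Health checking is opt-in: it is enabled only when COREDNS_HEALTHCHECK_URI
# is set. The POSIX "[" test is used because openrc-run scripts are
# interpreted by sh, where "[[" is not guaranteed to exist.
if [ -n "${COREDNS_HEALTHCHECK_URI}" ]; then
	# Values handed to the supervisor for the first check and the interval.
	healthcheck_delay=20
	healthcheck_timer=30

	# Probe the configured URI; a non-zero status reports the service unhealthy.
	# Globals:   COREDNS_HEALTHCHECK_URI (read)
	# Returns:   0 when wget is unavailable or the request succeeds,
	#            otherwise wget's exit status
	healthcheck() {
		# Fail open when wget is missing, so a minimal system is not treated as
		# unhealthy. The lookup is silenced so that it prints no path per check.
		command -v wget >/dev/null 2>&1 || return 0
		# The original "-Oq-" parsed as "-O q-" and wrote the response body to a
		# file named "q-" in the working directory. Run quietly and discard it.
		# NOTE(review): no timeout is set, so a hung endpoint can stall the check.
		wget -q -O /dev/null "${COREDNS_HEALTHCHECK_URI}"
	}
fi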