net-dialup/freeradius: Bump v.3.0.18-r1 and review freeradius.service

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Closes: https://bugs.gentoo.org/681696
Signed-off-by: Daniele Rondina <geaaru@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/11492
Signed-off-by: Aaron W. Swenson <titanofold@gentoo.org>

1 files changed, 34 insertions, 0 deletions

diff --git a/net-dialup/freeradius/files/freeradius-3.0.18-systemd-service.patch b/net-dialup/freeradius/files/freeradius-3.0.18-systemd-service.patch
new file mode 100644
index 000000000000..3da4b422f5d9
--- /dev/null
+++ b/net-dialup/freeradius/files/freeradius-3.0.18-systemd-service.patch
@@ -0,0 +1,34 @@
+diff --git a/debian/freeradius.service b/debian/freeradius.service
+index 99873c0..97efc66 100644
+--- a/debian/freeradius.service
++++ b/debian/freeradius.service
+@@ -17,12 +17,26 @@ Environment=HOSTNAME=%H
+ # a leak somewhere.
+ MemoryLimit=2G
+ 
+-RuntimeDirectory=freeradius
++RuntimeDirectory=radiusd
+ RuntimeDirectoryMode=0775
+-ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout
+-ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
++Group=radius
++User=radius
++ExecStartPre=/usr/sbin/radiusd $RADIUSD_OPTS -Cx -lstdout
++ExecStart=/usr/sbin/radiusd -f $RADIUSD_OPTS
++ExecReload=/usr/sbin/radiusd -C $RADIUSD_OPTS
++ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+ RestartSec=5
++ReadOnlyDirectories=/etc/raddb/
++ReadWriteDirectories=/var/log/radius/
++# Security options (https://github.com/FreeRADIUS/freeradius-server/issues/2637)
++NoNewPrivileges=true
++CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
++PrivateTmp=true
++ProtectControlGroups=true
++ProtectKernelModules=true
++ProtectKernelTunables=true
++SystemCallArchitectures=native
+ 
+ [Install]
+ WantedBy=multi-user.target