The systemd service file shipped with sslh has been hardened recently, including the use of DynamicUser (systemd's version of privilege dropping). However, this means the "--user nobody" option which we give as part of the sample configuration file will fail, causing sslh to fail to start. The sample configuration Gentoo ships is not part of upstream, so there's not much that upstream can do. However, it might be nice to add something to example configuration script to point out that privilege dropping won't work with systemd.
Created attachment 558804 [details, diff] Patch to sample config file Here's one proposal for updated sample configuration. I did not think that updating this would warrant a revision update as it's just documenting a commented config file, but am happy to be told otherwise. Also happy for any other tips.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f9d49338827aa158ae5a94ce62d7fb722d1e785 commit 5f9d49338827aa158ae5a94ce62d7fb722d1e785 Author: William Pettersson <william@ewpettersson.se> AuthorDate: 2018-12-29 13:23:17 +0000 Commit: Michael Palimaka <kensington@gentoo.org> CommitDate: 2019-03-25 11:46:14 +0000 net-misc/sslh: Update sample config file #673978 Updates the sample config file to support the systemd-level privilege dropping, as given by the upstream service file. Closes: https://bugs.gentoo.org/673978 Signed-off-by: William Pettersson <william@ewpettersson.se> Signed-off-by: Michael Palimaka <kensington@gentoo.org> net-misc/sslh/files/sslh.conf.d-2 | 6 ++++++ 1 file changed, 6 insertions(+)
Thanks for the patch, and sorry for the delay in merging it.
