Remove mount and unmount permissions for jellyfin group from sudoers
Authored-by: Shadowghost <Ghost_of_Stone@web.de>
Merged-by: Claus Vium <cvium@users.noreply.github.com>
Original-merge: 9cebdfdec0
Reportedly `systemd-run --scope` still got killed by the service
manager; see #4615. The suspected cause is that `scope` units are run by
the `systemd-run` process itself and inherit the caller's execution
environment (see systemd-run(1)). To fix this, we use a systemd
`service` unit instead, which is run and managed by PID 1 - hopefully
this will isolate us sufficiently so that we don't get terminated along
with `jellyfin.service`.
systemd-run(1) runs `systemctl restart` in an isolated systemd unit
that is not subject to process termination as jellyfin.service is shut
down. We adjust the sudoers configuration for this new usage, removing
the old config, since restart.sh is the only user of the sudoers
policy.
Additionally we change `systemctl start` to `systemctl restart` since
there was a race condition where jellyfin.service was not fully
stopped by the time this ran, so `systemctl start` became a noop.
`systemctl restart` on the other hand works whether jellyfin.service is
stopped or not.
The at(1) hack (and the usage of `start` instead of `restart`) is left
in for other init systems since I cannot test on those systems, and
because I don't know of any systemd-run(1) equivalent (although it may
be a non-issue since alternate init systems do not keep track of daemon
children nearly as aggressively as systemd does).
1. Add log and config flags to init and config
2. Move the existing logs and config dirs to the right places
3. Some cleanups in the control scripts
4. Prune the changelog of pre-Jellyfin entries
* Build self-contained Debian linux-x64 binary
* Update initscripts to use self-contained binary
The binary is declared in the units intentionally rather than using
the variable extrapolation from before, to avoid confusion since
these can't really be moved reasonably.
* With combined binary name, use pgrep instead
* Remove dotnet-runtime dependency
* Move the compiled scb to usr/bin
* Update binary location for upstart/systemd
* Move binary path; fix pidfile handling
* Entirely remove the temporary usr/ dir
* Don't move the compiled binary
* Create /usr/bin symlink
* Use the variable here
* Update architecture to any
* Add libcurl4-openssl build dependency
* Update the build Dockerfile to install builddeps