I have configured Pyzor for rspamd following these instructions: https://www.rspamd.com/doc/modules/external_services.html#pyzor-specific-details
The instructions also have some systemd configs for the socket and the service.
Pyzor is now a socket activated service which is started at every connection. The problem is that systemd then creates a new directory for every run:
drw------- (…) 08:30 pyzor@164673-127.0.0.1:5953-127.0.0.1:60656.service
drw------- (…) 08:30 pyzor@164674-127.0.0.1:5953-127.0.0.1:60662.service
drw------- (…) 08:30 pyzor@164675-127.0.0.1:5953-127.0.0.1:60676.service
drw------- (…) 08:30 pyzor@164676-127.0.0.1:5953-127.0.0.1:60684.service
drw------- (…) 08:30 pyzor@164677-127.0.0.1:5953-127.0.0.1:60694.service
drw------- (…) 08:30 pyzor@164678-127.0.0.1:5953-127.0.0.1:60706.service
These directories are never deleted, and after a few days, /run runs out of inodes, preventing the creation of new Pyzor processes or any other process with an isolated namespace.
How can I prevent this situation or reconfigure the unit to delete these directories after a certain period of time?
The socket unit:
# /usr/lib/systemd/system/pyzor.socket
[Unit]
Description=Pyzor socket
[Socket]
ListenStream=127.0.0.1:5953
Accept=yes
[Install]
WantedBy=sockets.target
The service unit:
# /usr/lib/systemd/system/pyzor@.service
[Unit]
Description=Pyzor Socket Service
Requires=pyzor.socket
[Service]
Type=simple
ExecStart=-/usr/bin/pyzor check
StandardInput=socket
StandardError=journal
TimeoutStopSec=10
User=_rspamd
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
PrivateUsers=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
[Install]
WantedBy=multi-user.target
Asked by Kai Bojens
(21 rep)
Jul 5, 2023, 07:31 AM
Last activity: Nov 24, 2023, 02:36 PM
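A monitoring check for the symptom described in the question, as an added example that is not part of the original post: it counts leftover per-connection instance directories and reads inode usage of the filesystem holding them, returning non-zero when a limit is exceeded. The function names, the thresholds and the directory argument are assumptions (the post elides the exact parent path of the listing).

```shell
#!/bin/sh
# Added example. Usage: sh check.sh <dir> <template> <max_dirs> <max_inode_pct>
# <dir> is whichever directory under /run holds the listing (elided in the post).

# Count leftover per-connection instance directories, e.g. pyzor@<n>-....service
count_instance_dirs() {
    n=0
    for entry in "$1/$2"@*.service; do
        # An unmatched glob stays literal and fails the -d test, giving 0.
        if [ -d "$entry" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Inode usage of the filesystem holding <dir>, as a bare number ("-" if unknown).
inode_use_pct() {
    df -Pi "$1" | awk 'NR==2 { sub(/%/, "", $5); print $5 }'
}

# Return non-zero when either limit is exceeded, so a timer or cron job can alert.
check_run_pressure() {
    count=$(count_instance_dirs "$1" "$2")
    pct=$(inode_use_pct "$1")
    echo "instance_dirs=$count inode_use_pct=$pct"
    [ "$count" -le "$3" ] || return 1
    case $pct in ''|*[!0-9]*) return 0 ;; esac   # filesystem reports no inode data
    [ "$pct" -le "$4" ]
}

# Run the check only when arguments are given on the command line.
[ "$#" -eq 0 ] || check_run_pressure "$@"
```

Run from a timer or cron job, the exit status gives an early warning before /run is exhausted.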