From edd1dcd091bf7df555f099d68033a4405b804070 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 18 Apr 2018 18:50:06 +0200
Subject: [PATCH] man: don't place nginx socket in /tmp (#8757)

First of all, it's frickin' ugly and wrong, as IPC sockets should be
placed in /run and definitely not under a guessable name under
world-writable /tmp. Secondly, it can't even work as we set
PrivateTmp=yes on the service.

Hence, let's clean up the example, and simply use a socket in /run
instead.

Fixes: #8419
---
 man/systemd-socket-proxyd.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/man/systemd-socket-proxyd.xml b/man/systemd-socket-proxyd.xml
index ced509d..68bacca 100644
--- a/man/systemd-socket-proxyd.xml
+++ b/man/systemd-socket-proxyd.xml
@@ -111,7 +111,7 @@ Requires=proxy-to-nginx.socket
 After=proxy-to-nginx.socket
 
 [Service]
-ExecStart=/usr/lib/systemd/systemd-socket-proxyd /tmp/nginx.sock
+ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
 PrivateTmp=yes
 PrivateNetwork=yes]]></programlisting>
       </example>
@@ -120,7 +120,7 @@ PrivateNetwork=yes]]></programlisting>
         <programlisting>
 <![CDATA[[â¦]
 server {
-    listen       unix:/tmp/nginx.sock;
+    listen       unix:/run/nginx/socket;
     [â¦]]]>
 </programlisting>
       </example>
-- 
2.7.4

