mirror/nlnetlabs-routinator
1
0
Fork 0
mirror of https://github.com/NLnetLabs/routinator.git synced 2024-05-19 06:50:04 +00:00
Code Issues Releases Activity
nlnetlabs-routinator/etc/routinator.service
Martin Hoffmann 6e85881002 Adjust systemd unit file to new realities
2019-05-29 17:56:21 +02:00

35 lines
809 B
Desktop File
Raw Blame History

[Unit]
Description=Routinator 3000
Documentation=man:routinator(1)
After=network.target
[Service]
ExecStart=/usr/bin/routinator --config=/etc/routinator/routinator.conf --syslog server
Type=exec
RestartSec=0
User=routinator
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
ReadWritePaths=/var/lib/routinator/
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
StateDirectory=routinator
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
[Install]
WantedBy=multi-user.target
View Git Blame Copy Permalink