blob: 01dd6c35578b1dbc247368e1e1b4576a4f9b0f40 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
[Unit]
Description=konnectd service
Requires=network-online.target
After=network-online.target
[Service]
User=konnectd
Group=konnectd
Restart=on-failure
ExecStart=/usr/bin/konnectd serve --identifier-client-path=/etc/konnect/ --identifier-registration-conf=/etc/konnect/
ExecReload=/bin/kill -HUP $MAINPID
NoNewPrivileges=true
ProtectHome=true
ProtectSystem=full
ProtectHostname=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
LockPersonality=true
RestrictRealtime=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
PrivateDevices=yes
CapabilityBoundingSet=
[Install]
WantedBy=multi-user.target
|