# systemd unit for onetun. The %I / %i specifiers below expand to the instance
# name, so this is presumably installed as a template unit (name@.service) and
# started once per configuration file -- confirm against the installed file name.
[Unit]
# %I is the unescaped instance name.
Description=onetun %I
# After= only orders start-up; Wants= is what actually pulls the targets in.
# Both are needed so the service starts once the network is up and host name
# lookups work.
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target
# Stopping or restarting onetun.target is propagated to this unit.
# onetun.target itself is not defined on this page.
PartOf=onetun.target
# Sandboxed service definition.
# NOTE(review): no User=, Group= or DynamicUser= is set here, so as a system
# unit the process runs as root unless a drop-in overrides it; the options
# below narrow what root can reach but do not replace an unprivileged account.
# NOTE(review): CapabilityBoundingSet=, RestrictAddressFamilies=,
# SystemCallFilter= and PrivateDevices= are also unset;
# "systemd-analyze security <unit>" reports the remaining exposure.
[Service]
# The unit counts as started as soon as the main process has been forked.
Type=simple
# The process and its children cannot gain privileges through execve()
# (setuid/setgid bits, file capabilities).
NoNewPrivileges=yes
# Private /tmp and /var/tmp, not shared with other processes on the host.
PrivateTmp=yes
# The whole file system hierarchy is mounted read-only for the service, except
# /dev, /proc and /sys. No ReadWritePaths= is given, so the service has no
# writable persistent location.
ProtectSystem=strict
# Make /home, /root and /run/user inaccessible and empty for the service
ProtectHome=yes
# cgroup hierarchy under /sys/fs/cgroup is read-only.
ProtectControlGroups=yes
# Explicit kernel module loading is denied.
ProtectKernelModules=yes
# Kernel tunables under /proc/sys, /sys and similar paths are read-only.
ProtectKernelTunables=yes
# Access to the kernel log ring buffer is denied.
ProtectKernelLogs=yes
# Memory mappings that are both writable and executable cannot be created.
MemoryDenyWriteExecute=yes
# The personality() execution domain cannot be changed.
LockPersonality=yes
# No command-line arguments: all settings presumably reach onetun through the
# environment loaded below -- confirm against the onetun documentation.
ExecStart=/usr/bin/onetun
# Per-instance environment file, read by systemd before the process starts.
# There is no "-" prefix, so a missing file makes the start fail.
# NOTE(review): if this file carries tunnel key material, keep it owned by root
# with mode 0600. Environment variables are inherited by child processes and
# can be read from /proc/<pid>/environ by root and by the service's own user, so
# a key file passed via LoadCredential= is preferable if onetun can read one.
EnvironmentFile=/etc/onetun/%i.conf
# Used only by "systemctl enable" / "disable".
[Install]
# Enabling an instance makes multi-user.target want it, so it starts at boot.
WantedBy=multi-user.target