Asger Weirsøe
32 lines
774 B
Desktop File
32 lines
774 B
Desktop File
[Unit]
|
|
Description=weircon-random-proxy fetch service
|
|
After=network-online.target weircon-proxies.target
|
|
Wants=network-online.target weircon-proxies.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
EnvironmentFile=/etc/weircon-random-proxy/fetch.env
|
|
ExecStart=/usr/local/bin/weircon-random-proxy
|
|
Restart=on-failure
|
|
RestartSec=3
|
|
# Service skal kun lytte i hoved-netns og må ikke køre som root.
|
|
DynamicUser=yes
|
|
NoNewPrivileges=yes
|
|
ProtectSystem=strict
|
|
ProtectHome=yes
|
|
PrivateTmp=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelModules=yes
|
|
ProtectControlGroups=yes
|
|
RestrictNamespaces=yes
|
|
RestrictRealtime=yes
|
|
LockPersonality=yes
|
|
MemoryDenyWriteExecute=yes
|
|
SystemCallFilter=@system-service
|
|
SystemCallErrorNumber=EPERM
|
|
CapabilityBoundingSet=
|
|
AmbientCapabilities=
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|