systemd/nlsr.service.in

# Copyright (c) 2014-2019, The University of Memphis,
#                          Regents of the University of California,
#                          Arizona Board of Regents.
#
# This file is part of NLSR (Named-data Link State Routing).
# See AUTHORS.md for complete list of NLSR authors and contributors.
#
# NLSR is free software: you can redistribute it and/or modify it under the terms
# of the GNU General Public License as published by the Free Software Foundation,
# either version 3 of the License, or (at your option) any later version.
#
# NLSR is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE.  See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# NLSR, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
#
# Author: Eric Newberry <enewberry@email.arizona.edu>
# Author: Davide Pesavento <davidepesa@gmail.com>

[Unit]
Description=NDN Link State Routing Daemon
Documentation=man:nlsr(1)
BindsTo=nfd.service
After=nfd.service

[Service]
Environment=HOME=%S/ndn/nlsr
ExecStart=@BINDIR@/nlsr -f @SYSCONFDIR@/ndn/nlsr.conf
Restart=on-failure
RestartPreventExitStatus=2
User=nlsr

LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
# "nlsr" is the state-dir, "ndn/nlsr" is the HOME
StateDirectory=nlsr ndn/nlsr
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @setuid @swap

[Install]
WantedBy=multi-user.target
WantedBy=nfd.service