commit e5a7394258a14877da714d6664023037e72f3769
author Davide Pesavento <davidepesa@gmail.com> Sat Jan 26 20:54:13 2019 -0500
committer Davide Pesavento <davidepesa@gmail.com> Mon Jan 28 01:51:22 2019 -0500
tree a674404bc20dc0865e5304c735f18095bec68fa0
parent 56f79d69070e58fa7cfe44bfcf5c9ba7260f7dfb

Add systemd unit files

Change-Id: I17322ef7eda1f3bf0bc53b887508fadf039250cc

systemd/ndn-traffic-client.service.in

diff --git a/systemd/ndn-traffic-client.service.in b/systemd/ndn-traffic-client.service.in
new file mode 100644
index 0000000..9ffac02
--- /dev/null
+++ b/systemd/ndn-traffic-client.service.in
@@ -0,0 +1,42 @@
+[Unit]
+Description=NDN Traffic Generator Client
+BindsTo=nfd.service
+After=nfd.service
+
+[Service]
+Environment=HOME=%S/ndn/ndn-traffic-client
+EnvironmentFile=-@SYSCONFDIR@/default/ndn-traffic-client
+ExecStart=@BINDIR@/ndn-traffic-client @SYSCONFDIR@/ndn/ndn-traffic-client.conf $FLAGS
+Restart=on-failure
+RestartPreventExitStatus=2
+User=ndn-traffic-generator
+
+CapabilityBoundingSet=
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+# systemd older than v232 doesn't support a value of "strict" for ProtectSystem,
+# so it will ignore that line and use ProtectSystem=full; with newer systemd,
+# the latter assignment is recognized and takes precedence, resulting in an
+# effective setting of ProtectSystem=strict
+ProtectSystem=full
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+StateDirectory=ndn/ndn-traffic-client
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=~@aio @chown @clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=nfd.service