Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-traffic-generator / e5a7394258a14877da714d6664023037e72f3769 / . / systemd / ndn-traffic-server.service.in
blob: 91554d088ccbf358b96afecd6dc09607030f1b79 [file] [log] [blame]
Davide Pesaventoe5a73942019-01-26 20:54:13 -0500[diff] [blame^]1[Unit]
2Description=NDN Traffic Generator Server
3BindsTo=nfd.service
4After=nfd.service
5
6[Service]
7Environment=HOME=%S/ndn/ndn-traffic-server
8EnvironmentFile=-@SYSCONFDIR@/default/ndn-traffic-server
9ExecStart=@BINDIR@/ndn-traffic-server @SYSCONFDIR@/ndn/ndn-traffic-server.conf $FLAGS
10Restart=on-failure
11RestartPreventExitStatus=2
12User=ndn-traffic-generator
13
14CapabilityBoundingSet=
15LockPersonality=yes
16MemoryDenyWriteExecute=yes
17NoNewPrivileges=yes
18PrivateDevices=yes
19PrivateNetwork=yes
20PrivateTmp=yes
21PrivateUsers=yes
22ProtectControlGroups=yes
23ProtectHome=yes
24ProtectKernelModules=yes
25ProtectKernelTunables=yes
26# systemd older than v232 doesn't support a value of "strict" for ProtectSystem,
27# so it will ignore that line and use ProtectSystem=full; with newer systemd,
28# the latter assignment is recognized and takes precedence, resulting in an
29# effective setting of ProtectSystem=strict
30ProtectSystem=full
31ProtectSystem=strict
32RestrictAddressFamilies=AF_UNIX
33RestrictNamespaces=yes
34RestrictRealtime=yes
35StateDirectory=ndn/ndn-traffic-server
36SystemCallArchitectures=native
37SystemCallErrorNumber=EPERM
38SystemCallFilter=~@aio @chown @clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
39
40[Install]
41WantedBy=multi-user.target
42WantedBy=nfd.service