| Davide Pesavento | a7fead4 | 2019-01-19 21:18:17 -0500 | [diff] [blame] | 1 | [Unit] |
| 2 | Description=Certificate Management Service for NDN |
| 3 | BindsTo=nfd.service |
| 4 | After=nfd.service |
| 5 | |
| 6 | [Service] |
| 7 | Environment=HOME=%S/ndn/ndncert |
| 8 | EnvironmentFile=-@SYSCONFDIR@/default/ndncert |
| 9 | ExecStart=@BINDIR@/ndncert-ca-server $FLAGS |
| 10 | Restart=on-failure |
| 11 | RestartPreventExitStatus=2 |
| 12 | User=ndncert |
| 13 | |
| 14 | LockPersonality=yes |
| 15 | MemoryDenyWriteExecute=yes |
| 16 | NoNewPrivileges=yes |
| 17 | PrivateDevices=yes |
| 18 | PrivateTmp=yes |
| 19 | PrivateUsers=yes |
| 20 | ProtectControlGroups=yes |
| 21 | ProtectHome=yes |
| 22 | ProtectKernelModules=yes |
| 23 | ProtectKernelTunables=yes |
| 24 | ProtectSystem=full |
| 25 | RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 |
| 26 | RestrictNamespaces=yes |
| 27 | RestrictRealtime=yes |
| 28 | StateDirectory=ndn/ndncert |
| 29 | SystemCallArchitectures=native |
| 30 | SystemCallErrorNumber=EPERM |
| 31 | SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @setuid @swap |
| 32 | |
| 33 | [Install] |
| 34 | WantedBy=multi-user.target |
| 35 | WantedBy=nfd.service |