| Davide Pesavento | a7fead4 | 2019-01-19 21:18:17 -0500 | [diff] [blame] | 1 | [Unit] |
| 2 | Description=Certificate Management Service for NDN |
| tylerliu | efe913d | 2020-10-17 14:45:21 -0700 | [diff] [blame^] | 3 | Wants=nfd.service |
| Davide Pesavento | a7fead4 | 2019-01-19 21:18:17 -0500 | [diff] [blame] | 4 | After=nfd.service |
| 5 | |
| 6 | [Service] |
| tylerliu | efe913d | 2020-10-17 14:45:21 -0700 | [diff] [blame^] | 7 | Type=simple |
| Davide Pesavento | a7fead4 | 2019-01-19 21:18:17 -0500 | [diff] [blame] | 8 | Environment=HOME=%S/ndn/ndncert |
| 9 | EnvironmentFile=-@SYSCONFDIR@/default/ndncert |
| 10 | ExecStart=@BINDIR@/ndncert-ca-server $FLAGS |
| 11 | Restart=on-failure |
| 12 | RestartPreventExitStatus=2 |
| 13 | User=ndncert |
| 14 | |
| 15 | LockPersonality=yes |
| 16 | MemoryDenyWriteExecute=yes |
| 17 | NoNewPrivileges=yes |
| 18 | PrivateDevices=yes |
| 19 | PrivateTmp=yes |
| 20 | PrivateUsers=yes |
| 21 | ProtectControlGroups=yes |
| 22 | ProtectHome=yes |
| 23 | ProtectKernelModules=yes |
| 24 | ProtectKernelTunables=yes |
| 25 | ProtectSystem=full |
| 26 | RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 |
| 27 | RestrictNamespaces=yes |
| 28 | RestrictRealtime=yes |
| 29 | StateDirectory=ndn/ndncert |
| 30 | SystemCallArchitectures=native |
| 31 | SystemCallErrorNumber=EPERM |
| 32 | SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @setuid @swap |
| 33 | |
| 34 | [Install] |
| 35 | WantedBy=multi-user.target |
| tylerliu | efe913d | 2020-10-17 14:45:21 -0700 | [diff] [blame^] | 36 | Alias=ndncert.service |
| 37 | Alias=ndncert-ca.service |