/mandos/trunk

To get this branch, use:
bzr branch /loggerhead/mandos/trunk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
[Unit]
Description=Server of encrypted passwords to Mandos clients
Documentation=man:intro(8mandos) man:mandos(8)
## If the server is configured to listen to a specific IP or network
## interface, it may be necessary to change "network.target" to
## "network-online.target".
After=network.target
## If the server is configured to not use ZeroConf, these two lines
## become unnecessary and should be removed or commented out.
After=avahi-daemon.service
Requisite=avahi-daemon.service

[Service]
## If the server's D-Bus interface is disabled, the "BusName" setting
## should be removed or commented out.
BusName=se.recompile.Mandos
ExecStart=/usr/sbin/mandos --foreground
Restart=always
KillMode=mixed
## Using socket activation won't work, because systemd always does
## bind() on the socket, and also won't announce the ZeroConf service.
#ExecStart=/usr/sbin/mandos --foreground --socket=0
#StandardInput=socket
# Restrict what the Mandos daemon can do.  Note that this also affects
# "checker" programs!
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
CapabilityBoundingSet=CAP_KILL CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_NET_RAW
ProtectKernelTunables=yes
ProtectControlGroups=yes

[Install]
WantedBy=multi-user.target