mirrors/ngircd
1
0
Fork 0
mirror of https://github.com/osmarks/ngircd.git synced 2025-10-31 05:52:59 +00:00
Code Issues Releases Wiki Activity

Enhance systemd service file

Browse Source 
- Add homepage :-)
- Remote CAP_SETUID and CAP_SETGID from CapabilityBoundingSet: This is
  nor needed, because the unit already sets User=irc and Group=irc.
- Add RestrictAddressFamilies, and restrict it to AF_INET and AF_INET6.
- Read in the Debian "default files", but note: only PARAMS is supported!
This commit is contained in:
Alexander Barton
2017-01-06 00:34:51 +01:00
parent 9e0e955daf
commit f0532c98cd
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
contrib/ngircd.service
View File

@@ -1,21 +1,25 @@
[Unit] [Unit]
Description=Next Generation IRC Daemon Description=Next Generation IRC Daemon
Documentation=man:ngircd(8) man:ngircd.conf(5) Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de
After=network.target After=network.target
[Service] [Service]
Type=forking Type=forking
User=irc User=irc
Group=irc Group=irc
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_NET_BIND_SERVICE CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
ProtectHome=true ProtectHome=true
NoNewPrivileges=true NoNewPrivileges=true
RestrictAddressFamilies=AF_INET AF_INET6
RuntimeDirectory=ircd RuntimeDirectory=ircd
RuntimeDirectoryMode=750 RuntimeDirectoryMode=750
ExecStart=/usr/sbin/ngircd EnvironmentFile=-/etc/default/ngircd
EnvironmentFile=-/etc/default/ngircd-full
EnvironmentFile=-/etc/default/ngircd-full-dbg
ExecStart=/usr/sbin/ngircd $PARAMS
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure Restart=on-failure