Initial release

1 files changed, 29 insertions, 0 deletions

diff --git a/appgatedriver.service b/appgatedriver.service
new file mode 100644
index 000000000000..902db9a64f22
--- /dev/null
+++ b/appgatedriver.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=AppGate driver service
+
+[Service]
+# Remove traces of appgate-resolver, if it wasn't terminated properly
+ExecStartPre=/bin/sh -c "test -e /etc/resolv.appgate && (chattr -i /etc/resolv.conf || :; mv /etc/resolv.appgate /etc/resolv.conf) ||:"
+ExecStart="/opt/appgate/tun-service"
+Type=forking
+Restart=always
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+PrivateTmp=true
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+CapabilityBoundingSet=~CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYSLOG
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_SYS_TIME
+CapabilityBoundingSet=~CAP_SYS_RESOURCE
+CapabilityBoundingSet=~CAP_SYS_PTRACE
+CapabilityBoundingSet=~CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_SYS_MODULE
+CapabilityBoundingSet=~CAP_SYS_CHROOT
+CapabilityBoundingSet=~CAP_SYS_BOOT
+InaccessiblePaths=-/mnt -/srv -/boot -/media
+
+[Install]
+WantedBy=multi-user.target