Able to run the client like a regular program rather than needing systemd. Added tmpfiles conf file to auto generate the sheepit users home dir. Added a few more sandboxing options to the systemd service.

author: Jturnerusa 2020-09-16 17:53:26 -0400
committer: Jturnerusa 2020-09-16 17:53:26 -0400
commit: 88e23badf8dcb5effd411c6f34148f73a98fc1cd (patch)
tree: c8abc93a795d45a01d6b756e0e79358cef020380 /sheepit-client.service
parent: 0305a7d0aad08c1daff77335bbef3aaa30093f3d (diff)
download: aur-88e23badf8dcb5effd411c6f34148f73a98fc1cd.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/sheepit-client.service b/sheepit-client.service
index c1a0730f7459..8a090216e404 100644
--- a/sheepit-client.service
+++ b/sheepit-client.service
@@ -9,9 +9,12 @@ NoNewPrivileges=true
 ProtectSystem=strict
 ProtectHome=true
 PrivateDevices=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
 RestrictNamespaces=true
 CacheDirectory=sheepit-client/
-ExecStart=/usr/bin/sheepit-client
+CacheDirectoryMode=700
+ExecStart=/usr/bin/sheepit-client -config /etc/conf.d/sheepit-client
 RestartSec=60
 Restart=on-failure
author	Jturnerusa	2020-09-16 17:53:26 -0400
committer	Jturnerusa	2020-09-16 17:53:26 -0400
commit	88e23badf8dcb5effd411c6f34148f73a98fc1cd (patch)
tree	c8abc93a795d45a01d6b756e0e79358cef020380 /sheepit-client.service
parent	0305a7d0aad08c1daff77335bbef3aaa30093f3d (diff)
download	aur-88e23badf8dcb5effd411c6f34148f73a98fc1cd.tar.gz