diff options
author | Matthewacon | 2019-05-24 12:48:04 -0400 |
---|---|---|
committer | Matthewacon | 2019-05-24 12:48:04 -0400 |
commit | f3214131d7b84ed5304d1cf11a2dabc817de6dba (patch) | |
tree | b4dc933e446c5a1a5c38197544961ba5d928cc6a /sslh-select@.service | |
download | aur-f3214131d7b84ed5304d1cf11a2dabc817de6dba.tar.gz |
Initial commit
Diffstat (limited to 'sslh-select@.service')
-rw-r--r-- | sslh-select@.service | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/sslh-select@.service b/sslh-select@.service new file mode 100644 index 000000000000..452e8c363d17 --- /dev/null +++ b/sslh-select@.service @@ -0,0 +1,30 @@ +[Unit] +Description=SSL/SSH multiplexer (select mode) for %I +Conflicts=sslh@%I.service +Requires=sslh@%I.socket +PartOf=sslh@%I.socket +After=network.target + +[Service] +EnvironmentFile=/etc/conf.d/sslh +ExecStart=/usr/bin/sslh-select -F/etc/sslh/%I.cfg -f -v +KillMode=process +ProtectSystem=strict +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +PrivateTmp=true +PrivateDevices=true +SecureBits=noroot-locked +MountFlags=private +NoNewPrivileges=true +CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +MemoryDenyWriteExecute=true +User=sslh +DynamicUser=true + +[Install] +WantedBy=multi-user.target |