diff options
author | Severin Glöckner | 2018-12-26 16:06:20 +0100 |
---|---|---|
committer | Severin Glöckner | 2018-12-26 16:06:20 +0100 |
commit | 1cc738059ad48ec007977f622b2a062fa914ff76 (patch) | |
tree | b5ee785b4a5d097ea9cdb519647ea75a5e2eee2b /wesnothd-1.2.service | |
parent | bdd46bc2e49854997b1454c2404468721e97d5a8 (diff) | |
download | aur-1cc738059ad48ec007977f622b2a062fa914ff76.tar.gz |
comments on the same line are not allowed in service files
Diffstat (limited to 'wesnothd-1.2.service')
-rw-r--r-- | wesnothd-1.2.service | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/wesnothd-1.2.service b/wesnothd-1.2.service index c0b057d7897a..c948a2b0b067 100644 --- a/wesnothd-1.2.service +++ b/wesnothd-1.2.service @@ -7,19 +7,36 @@ After=network.target Conflicts=wesnothd.service wesnothd-1.0.service wesnothd-1.4.service wesnothd-1.6.service wesnothd-1.8.service wesnothd-1.10.service wesnothd-1.12.service wesnothd-1.14.service wesnothd-devel.service wesnothd-git.service [Service] +# If wesnothd is started from within the game it runs under a different user +# Deleting the pipe resets owner, group and mode +ExecStopPre=/bin/rm -f /run/wesnothd-1.2/socket + ExecStart=/usr/bin/wesnothd-1.2 -t 2 -T 5 -# you can use -c to specify the same configuration file -# which is used when starting wensothd from the wesnoth UI +# you can use -c to specify a configuration file # (and make sure wesnothd has the required access permissions) SyslogIdentifier=Wesnothd-1.2 User=nobody Group=users -ExecStopPost=/usr/bin/rm -f /run/wesnothd-1.2/socket + +# Remove remaining administration pipe +ExecStopPost=/bin/rm -f /run/wesnothd-1.2/socket # Additional security-related features -ProtectSystem=yes -ProtectHome=yes # disable this if using the -c option +ProtectSystem=strict +ProtectHome=yes +# When specifying with the -c option a file in the home directory, +# set ProtectHome=read-only and whitelist the directory or file with +# ReadWritePaths. +ReadWritePaths=/run/wesnothd-1.2 +InaccessiblePaths=/usr/include +InaccessiblePaths=/usr/src +InaccessiblePaths=/boot +InaccessiblePaths=/media +InaccessiblePaths=/mnt +InaccessiblePaths=/srv +InaccessiblePaths=/opt +InaccessiblePaths=/var PrivateTmp=yes PrivateDevices=yes NoNewPrivileges=yes |