diff options
author | Severin Glöckner | 2018-12-26 16:30:34 +0100 |
---|---|---|
committer | Severin Glöckner | 2018-12-26 16:30:34 +0100 |
commit | e400d9a2ad501bd4764ec2162aeaf3ba8149d720 (patch) | |
tree | 188bacaf4e24867e339ee7643535653968efdfac /wesnothd-1.6.service | |
parent | 13fab7d93cb6604216e218464745bdd491eb1a00 (diff) | |
download | aur-e400d9a2ad501bd4764ec2162aeaf3ba8149d720.tar.gz |
extend service file
Diffstat (limited to 'wesnothd-1.6.service')
-rw-r--r-- | wesnothd-1.6.service | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/wesnothd-1.6.service b/wesnothd-1.6.service index 31cb9b2577f7..0dd6a9fbf089 100644 --- a/wesnothd-1.6.service +++ b/wesnothd-1.6.service @@ -3,22 +3,40 @@ Description=Wesnoth-1.6 Server Daemon Documentation=https://www.wesnoth.org/wiki/ServerAdministration Documentation=man:wesnothd-1.6(6) After=network.target -# They use by default the same port +# They use by default the same port. The -p option can be used to change it. Conflicts=wesnothd.service wesnothd-1.0.servicewesnothd-1.2.service wesnothd-1.4.service wesnothd-1.8.service wesnothd-1.10.service wesnothd-1.12.service wesnothd-1.14.service wesnothd-devel.service wesnothd-git.service [Service] +# If wesnothd is started from within the game it runs under a different user. +# Deleting the pipe resets owner, group and mode. +ExecStopPre=/bin/rm -f /run/wesnothd-1.4/socket + ExecStart=/usr/bin/wesnothd-1.6 -t 2 -T 5 -# you can use -c to specify the same configuration file -# which is used when starting wensothd from the wesnoth UI -# (and make sure wesnothd has the required access permissions) +# You can use -c to specify a same configuration file +# (and make sure wesnothd has the required access permissions). SyslogIdentifier=Wesnothd-1.6 User=nobody -Group=nobody -ExecStopPost=/usr/bin/rm -f /run/wesnothd-1.6/socket +Group=users + +# Remove remaining administration pipe: +ExecStopPost=/bin/rm -f /run/wesnothd-1.6/socket -# Additional security-related features -ProtectSystem=yes +# Additional security-related features: +ProtectSystem=strict +ProtectHome=yes +# When specifying with the -c option a file in the home directory, +# set ProtectHome=read-only and whitelist the directory or file with +# ReadWritePaths. +ReadWritePaths=/run/wesnothd-1.6 +InaccessiblePaths=/usr/include +InaccessiblePaths=/usr/src +InaccessiblePaths=/boot +InaccessiblePaths=/media +InaccessiblePaths=/mnt +InaccessiblePaths=/srv +InaccessiblePaths=/opt +InaccessiblePaths=/var PrivateTmp=yes PrivateDevices=yes NoNewPrivileges=yes |