diff options
Diffstat (limited to 'appgatedriver.service')
-rw-r--r-- | appgatedriver.service | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/appgatedriver.service b/appgatedriver.service new file mode 100644 index 000000000000..902db9a64f22 --- /dev/null +++ b/appgatedriver.service @@ -0,0 +1,29 @@ +[Unit] +Description=AppGate driver service + +[Service] +# Remove traces of appgate-resolver, if it wasn't terminated properly +ExecStartPre=/bin/sh -c "test -e /etc/resolv.appgate && (chattr -i /etc/resolv.conf || :; mv /etc/resolv.appgate /etc/resolv.conf) ||:" +ExecStart="/opt/appgate/tun-service" +Type=forking +Restart=always +ProtectHome=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +PrivateTmp=true +CapabilityBoundingSet=~CAP_SYS_ADMIN +CapabilityBoundingSet=~CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYSLOG +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_SYS_TIME +CapabilityBoundingSet=~CAP_SYS_RESOURCE +CapabilityBoundingSet=~CAP_SYS_PTRACE +CapabilityBoundingSet=~CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_SYS_MODULE +CapabilityBoundingSet=~CAP_SYS_CHROOT +CapabilityBoundingSet=~CAP_SYS_BOOT +InaccessiblePaths=-/mnt -/srv -/boot -/media + +[Install] +WantedBy=multi-user.target |