blob: 902db9a64f226a21087f1ca93d1dabf9a017a5cb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
[Unit]
Description=AppGate driver service
[Service]
# Remove traces of appgate-resolver, if it wasn't terminated properly
ExecStartPre=/bin/sh -c "test -e /etc/resolv.appgate && (chattr -i /etc/resolv.conf || :; mv /etc/resolv.appgate /etc/resolv.conf) ||:"
ExecStart="/opt/appgate/tun-service"
Type=forking
Restart=always
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
PrivateTmp=true
CapabilityBoundingSet=~CAP_SYS_ADMIN
CapabilityBoundingSet=~CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYSLOG
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_SYS_TIME
CapabilityBoundingSet=~CAP_SYS_RESOURCE
CapabilityBoundingSet=~CAP_SYS_PTRACE
CapabilityBoundingSet=~CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_SYS_MODULE
CapabilityBoundingSet=~CAP_SYS_CHROOT
CapabilityBoundingSet=~CAP_SYS_BOOT
InaccessiblePaths=-/mnt -/srv -/boot -/media
[Install]
WantedBy=multi-user.target
|