unbound/contrib/unbound.service.in
wouter 209fe3ebd1 - Fix #1265 to use /bin/kill.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4173 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-05-18 07:08:55 +00:00

29 lines
812 B
SYSTEMD

[Unit]
Description=Validating, recursive, and caching DNS resolver
Documentation=man:unbound(8)
[Install]
WantedBy=multi-user.target
[Service]
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=@UNBOUND_SBIN_DIR@/unbound
NotifyAccess=main
Type=notify
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
ReadWritePaths=@UNBOUND_SYSCONF_DIR@ @UNBOUND_LOCALSTATE_DIR@ /run @UNBOUND_RUN_DIR@
RestrictAddressFamilies=AF_INET AF_UNIX
RestrictRealtime=true
SystemCallArchitectures=native
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources