209fe3ebd1
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4173 be551aaa-1e26-0410-a405-d3ace91eadb9
29 lines
812 B
SYSTEMD
29 lines
812 B
SYSTEMD
[Unit]
|
|
Description=Validating, recursive, and caching DNS resolver
|
|
Documentation=man:unbound(8)
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|
|
[Service]
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
ExecStart=@UNBOUND_SBIN_DIR@/unbound
|
|
NotifyAccess=main
|
|
Type=notify
|
|
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
|
|
MemoryDenyWriteExecute=true
|
|
NoNewPrivileges=true
|
|
PrivateDevices=true
|
|
PrivateTmp=true
|
|
ProtectHome=true
|
|
ProtectControlGroups=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectSystem=strict
|
|
ReadWritePaths=@UNBOUND_SYSCONF_DIR@ @UNBOUND_LOCALSTATE_DIR@ /run @UNBOUND_RUN_DIR@
|
|
RestrictAddressFamilies=AF_INET AF_UNIX
|
|
RestrictRealtime=true
|
|
SystemCallArchitectures=native
|
|
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources
|
|
|