2014-04-21 15:47:44 +02:00
|
|
|
[Unit]
|
|
|
|
Description = Anonymizing overlay network for TCP
|
|
|
|
After = syslog.target network.target nss-lookup.target
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
Type = simple
|
2014-07-29 14:13:01 +02:00
|
|
|
ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
|
2014-07-29 14:23:04 +02:00
|
|
|
# A torrc that has "RunAsDaemon 1" won't work with the "simple" service type;
|
|
|
|
# let's explicitly override it.
|
|
|
|
ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc --RunAsDaemon 0
|
2014-04-21 15:47:44 +02:00
|
|
|
ExecReload = /bin/kill -HUP ${MAINPID}
|
|
|
|
KillSignal = SIGINT
|
|
|
|
TimeoutSec = 30
|
|
|
|
Restart = on-failure
|
|
|
|
LimitNOFILE = 32768
|
|
|
|
|
|
|
|
# Hardening
|
|
|
|
PrivateTmp = yes
|
|
|
|
DeviceAllow = /dev/null rw
|
|
|
|
DeviceAllow = /dev/urandom r
|
|
|
|
InaccessibleDirectories = /home
|
2014-08-27 05:05:12 +02:00
|
|
|
ReadOnlyDirectories = /
|
|
|
|
ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
|
|
|
|
ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
|
2014-08-27 05:18:26 +02:00
|
|
|
NoNewPrivileges = yes
|
2014-04-21 15:47:44 +02:00
|
|
|
|
|
|
|
[Install]
|
|
|
|
WantedBy = multi-user.target
|