From 6632a731fd76ac5cc09571a9e4bcc10d1a809a01 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 20 Jul 2015 11:00:23 -0400 Subject: [PATCH] Use a more recommended syntax for the systemd unit file closes 16162. --- changes/bug16162 | 5 +++++ contrib/dist/tor.service.in | 44 ++++++++++++++++++------------------- 2 files changed, 27 insertions(+), 22 deletions(-) create mode 100644 changes/bug16162 diff --git a/changes/bug16162 b/changes/bug16162 new file mode 100644 index 0000000000..3732424b78 --- /dev/null +++ b/changes/bug16162 @@ -0,0 +1,5 @@ + + o Minor bugfixes (systemd): + - Tor's systemd unit file no longer contains extraneous spaces. + These spaces would sometimes confuse tools like deb-systemd-helper. + Fixes bug 16162; bugfix on 0.2.5.5-alpha. diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in index c251158d9a..58a74b7fe7 100644 --- a/contrib/dist/tor.service.in +++ b/contrib/dist/tor.service.in @@ -1,29 +1,29 @@ [Unit] -Description = Anonymizing overlay network for TCP -After = syslog.target network.target nss-lookup.target +Description=Anonymizing overlay network for TCP +After=syslog.target network.target nss-lookup.target [Service] -Type = notify -NotifyAccess = all -ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config -ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc -ExecReload = /bin/kill -HUP ${MAINPID} -KillSignal = SIGINT -TimeoutSec = 30 -Restart = on-failure -WatchdogSec = 1m -LimitNOFILE = 32768 +Type=notify +NotifyAccess=all +ExecStartPre=@BINDIR@/tor -f @CONFDIR@/torrc --verify-config +ExecStart=@BINDIR@/tor -f @CONFDIR@/torrc +ExecReload=/bin/kill -HUP ${MAINPID} +KillSignal=SIGINT +TimeoutSec=30 +Restart=on-failure +WatchdogSec=1m +LimitNOFILE=32768 # Hardening -PrivateTmp = yes -PrivateDevices = yes -ProtectHome = yes -ProtectSystem = full -ReadOnlyDirectories = / -ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor -ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor -NoNewPrivileges = yes -CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE +PrivateTmp=yes +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-@LOCALSTATEDIR@/lib/tor +ReadWriteDirectories=-@LOCALSTATEDIR@/log/tor +NoNewPrivileges=yes +CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE [Install] -WantedBy = multi-user.target +WantedBy=multi-user.target