mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-09-23 22:44:58 +02:00
b17918726d
If running under systemd, notify the supervisor about current PID of Tor daemon. This makes systemd unit simpler and more robust: it will do the right thing regardless of RunAsDaemon settings.
29 lines
725 B
SYSTEMD
29 lines
725 B
SYSTEMD
[Unit]
|
|
Description = Anonymizing overlay network for TCP
|
|
After = syslog.target network.target nss-lookup.target
|
|
|
|
[Service]
|
|
Type = notify
|
|
NotifyAccess = all
|
|
ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
|
|
ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
|
|
ExecReload = /bin/kill -HUP ${MAINPID}
|
|
KillSignal = SIGINT
|
|
TimeoutSec = 30
|
|
Restart = on-failure
|
|
LimitNOFILE = 32768
|
|
|
|
# Hardening
|
|
PrivateTmp = yes
|
|
DeviceAllow = /dev/null rw
|
|
DeviceAllow = /dev/urandom r
|
|
InaccessibleDirectories = /home
|
|
ReadOnlyDirectories = /
|
|
ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
|
|
ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
|
|
ReadWriteDirectories = @LOCALSTATEDIR@/run/tor
|
|
NoNewPrivileges = yes
|
|
|
|
[Install]
|
|
WantedBy = multi-user.target
|