mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-09-22 22:14:58 +02:00
da384090f7
For some strange reason, this was not needed with systemd v208. But it's needed with systemd v215 on current Debian sid, and entirely makes sense.
30 lines
831 B
SYSTEMD
30 lines
831 B
SYSTEMD
[Unit]
|
|
Description = Anonymizing overlay network for TCP
|
|
After = syslog.target network.target nss-lookup.target
|
|
|
|
[Service]
|
|
Type = simple
|
|
ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
|
|
# A torrc that has "RunAsDaemon 1" won't work with the "simple" service type;
|
|
# let's explicitly override it.
|
|
ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc --RunAsDaemon 0
|
|
ExecReload = /bin/kill -HUP ${MAINPID}
|
|
KillSignal = SIGINT
|
|
TimeoutSec = 30
|
|
Restart = on-failure
|
|
LimitNOFILE = 32768
|
|
|
|
# Hardening
|
|
PrivateTmp = yes
|
|
DeviceAllow = /dev/null rw
|
|
DeviceAllow = /dev/urandom r
|
|
InaccessibleDirectories = /home
|
|
ReadOnlyDirectories = /
|
|
ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
|
|
ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
|
|
ReadWriteDirectories = @LOCALSTATEDIR@/run/tor
|
|
NoNewPrivileges = yes
|
|
|
|
[Install]
|
|
WantedBy = multi-user.target
|