mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-23 01:49:53 +03:00
af84a30adc
* change `ReadOnlyDirectories` -> `ReadOnlyPaths` and `ReadWriteDirectories` -> `ReadWritePaths` * add `ReadWritePaths` for other necessary directories (this should address #1111)
28 lines
832 B
Desktop File
28 lines
832 B
Desktop File
[Unit]
|
|
Description=SoftEther VPN Server
|
|
After=network.target auditd.service
|
|
ConditionPathExists=!@DIR@/softether/vpnserver/do_not_run
|
|
|
|
[Service]
|
|
Type=forking
|
|
TasksMax=16777216
|
|
EnvironmentFile=-@DIR@/softether/vpnserver
|
|
ExecStart=@DIR@/softether/vpnserver/vpnserver start
|
|
ExecStop=@DIR@/softether/vpnserver/vpnserver stop
|
|
KillMode=process
|
|
Restart=on-failure
|
|
|
|
# Hardening
|
|
PrivateTmp=yes
|
|
ProtectHome=yes
|
|
ProtectSystem=full
|
|
ReadOnlyPaths=/
|
|
ReadWritePaths=-@DIR@/softether/vpnserver
|
|
ReadWritePaths=@CPACK_PACKAGING_INSTALL_PREFIX@/run/softether
|
|
ReadWritePaths=@CPACK_PACKAGING_INSTALL_PREFIX@/var/log/softether
|
|
ReadWritePaths=@CPACK_PACKAGING_INSTALL_PREFIX@/var/lib/softether
|
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYSLOG CAP_SETUID
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|