[tor-commits] [tor/master] systemd changes for 13805 as recommened by Tomasz on that ticket.
nickm at torproject.org
nickm at torproject.org
Sun Jan 11 16:27:22 UTC 2015
commit 96a407a2435213a1b9a7e1f6373955fdce743d60
Author: Nick Mathewson <nickm at torproject.org>
Date: Sun Jan 11 11:26:08 2015 -0500
systemd changes for 13805 as recommened by Tomasz on that ticket.
---
contrib/dist/tor.service.in | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index d7bf611..93be702 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -6,7 +6,7 @@ After = syslog.target network.target nss-lookup.target
Type = notify
NotifyAccess = all
ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
-ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
+ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
ExecReload = /bin/kill -HUP ${MAINPID}
KillSignal = SIGINT
TimeoutSec = 30
@@ -22,8 +22,9 @@ ProtectSystem = full
ReadOnlyDirectories = /
ReadWriteDirectories = - at LOCALSTATEDIR@/lib/tor
ReadWriteDirectories = - at LOCALSTATEDIR@/log/tor
-ReadWriteDirectories = - at LOCALSTATEDIR@/run/tor
NoNewPrivileges = yes
+ReadWriteDirectories = - at LOCALSTATEDIR@/run/tor
+CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
[Install]
WantedBy = multi-user.target
More information about the tor-commits
mailing list