[tor-commits] [tor/master] Merge remote-tracking branch 'public/bug16162_026'
nickm at torproject.org
nickm at torproject.org
Mon Jul 20 15:02:03 UTC 2015
commit 0a329a7a05199d3d0ec21e072f91a2213b8fc7b8
Merge: 7983e00 6632a73
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Jul 20 11:01:58 2015 -0400
Merge remote-tracking branch 'public/bug16162_026'
changes/bug16162 | 5 +++++
contrib/dist/tor.service.in | 44 +++++++++++++++++++++----------------------
2 files changed, 27 insertions(+), 22 deletions(-)
diff --cc contrib/dist/tor.service.in
index ae339ff,58a74b7..9c1a255
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@@ -1,35 -1,29 +1,35 @@@
+# tor.service -- this systemd configuration file for Tor sets up a
+# relatively conservative, hardened Tor service. You may need to
+# edit it if you are making changes to your Tor configuration that it
+# does not allow. Package maintainers: this should be a starting point
+# for your tor.service; it is not the last point.
+
[Unit]
- Description = Anonymizing overlay network for TCP
- After = syslog.target network.target nss-lookup.target
+ Description=Anonymizing overlay network for TCP
+ After=syslog.target network.target nss-lookup.target
[Service]
- Type = notify
- NotifyAccess = all
- ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
- ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
- ExecReload = /bin/kill -HUP ${MAINPID}
- KillSignal = SIGINT
- TimeoutSec = 30
- Restart = on-failure
- WatchdogSec = 1m
- LimitNOFILE = 32768
+ Type=notify
+ NotifyAccess=all
+ ExecStartPre=@BINDIR@/tor -f @CONFDIR@/torrc --verify-config
+ ExecStart=@BINDIR@/tor -f @CONFDIR@/torrc
+ ExecReload=/bin/kill -HUP ${MAINPID}
+ KillSignal=SIGINT
+ TimeoutSec=30
+ Restart=on-failure
+ WatchdogSec=1m
+ LimitNOFILE=32768
# Hardening
- PrivateTmp = yes
- PrivateDevices = yes
- ProtectHome = yes
- ProtectSystem = full
- ReadOnlyDirectories = /
- ReadWriteDirectories = - at LOCALSTATEDIR@/lib/tor
- ReadWriteDirectories = - at LOCALSTATEDIR@/log/tor
- NoNewPrivileges = yes
- CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
+ PrivateTmp=yes
+ PrivateDevices=yes
+ ProtectHome=yes
+ ProtectSystem=full
+ ReadOnlyDirectories=/
+ ReadWriteDirectories=- at LOCALSTATEDIR@/lib/tor
+ ReadWriteDirectories=- at LOCALSTATEDIR@/log/tor
+ NoNewPrivileges=yes
+ CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
[Install]
- WantedBy = multi-user.target
+ WantedBy=multi-user.target
More information about the tor-commits
mailing list