diff options
author | Nick Mathewson <nickm@torproject.org> | 2015-07-20 11:01:58 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2015-07-20 11:01:58 -0400 |
commit | 0a329a7a05199d3d0ec21e072f91a2213b8fc7b8 (patch) | |
tree | 6d7a40bc01b54072c9649a76fb5fd44f04feb7ce /contrib/dist | |
parent | 7983e00938974dd5c507e2847489d301703d4750 (diff) | |
parent | 6632a731fd76ac5cc09571a9e4bcc10d1a809a01 (diff) | |
download | tor-0a329a7a05199d3d0ec21e072f91a2213b8fc7b8.tar.gz tor-0a329a7a05199d3d0ec21e072f91a2213b8fc7b8.zip |
Merge remote-tracking branch 'public/bug16162_026'
Diffstat (limited to 'contrib/dist')
-rw-r--r-- | contrib/dist/tor.service.in | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in index ae339ff844..9c1a255b2e 100644 --- a/contrib/dist/tor.service.in +++ b/contrib/dist/tor.service.in @@ -5,31 +5,31 @@ # for your tor.service; it is not the last point. [Unit] -Description = Anonymizing overlay network for TCP -After = syslog.target network.target nss-lookup.target +Description=Anonymizing overlay network for TCP +After=syslog.target network.target nss-lookup.target [Service] -Type = notify -NotifyAccess = all -ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config -ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc -ExecReload = /bin/kill -HUP ${MAINPID} -KillSignal = SIGINT -TimeoutSec = 30 -Restart = on-failure -WatchdogSec = 1m -LimitNOFILE = 32768 +Type=notify +NotifyAccess=all +ExecStartPre=@BINDIR@/tor -f @CONFDIR@/torrc --verify-config +ExecStart=@BINDIR@/tor -f @CONFDIR@/torrc +ExecReload=/bin/kill -HUP ${MAINPID} +KillSignal=SIGINT +TimeoutSec=30 +Restart=on-failure +WatchdogSec=1m +LimitNOFILE=32768 # Hardening -PrivateTmp = yes -PrivateDevices = yes -ProtectHome = yes -ProtectSystem = full -ReadOnlyDirectories = / -ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor -ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor -NoNewPrivileges = yes -CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE +PrivateTmp=yes +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-@LOCALSTATEDIR@/lib/tor +ReadWriteDirectories=-@LOCALSTATEDIR@/log/tor +NoNewPrivileges=yes +CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE [Install] -WantedBy = multi-user.target +WantedBy=multi-user.target |