aboutsummaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
Diffstat (limited to 'contrib')
-rw-r--r--contrib/dist/tor.service.in19
-rw-r--r--contrib/win32build/tor-mingw.nsi.in2
2 files changed, 13 insertions, 8 deletions
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index 2fe51c75d9..c251158d9a 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -3,22 +3,27 @@ Description = Anonymizing overlay network for TCP
After = syslog.target network.target nss-lookup.target
[Service]
-Type = simple
+Type = notify
+NotifyAccess = all
ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
-# A torrc that has "RunAsDaemon 1" won't work with the "simple" service type;
-# let's explicitly override it.
-ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc --RunAsDaemon 0
+ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
ExecReload = /bin/kill -HUP ${MAINPID}
KillSignal = SIGINT
TimeoutSec = 30
Restart = on-failure
+WatchdogSec = 1m
LimitNOFILE = 32768
# Hardening
PrivateTmp = yes
-DeviceAllow = /dev/null rw
-DeviceAllow = /dev/urandom r
-InaccessibleDirectories = /home
+PrivateDevices = yes
+ProtectHome = yes
+ProtectSystem = full
+ReadOnlyDirectories = /
+ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor
+ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor
+NoNewPrivileges = yes
+CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
[Install]
WantedBy = multi-user.target
diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in
index 2fb15b8213..4143cf4e97 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
!include "LogicLib.nsh"
!include "FileFunc.nsh"
!insertmacro GetParameters
-!define VERSION "0.2.5.12"
+!define VERSION "0.2.6.10-dev"
!define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "https://www.torproject.org/"
!define LICENSE "LICENSE"
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion