mirror of
https://github.com/safing/portmaster
synced 2025-04-25 13:29:10 +00:00
42 lines
1.6 KiB
Desktop File
42 lines
1.6 KiB
Desktop File
[Unit]
|
|
Description=Portmaster by Safing
|
|
Documentation=https://safing.io
|
|
Documentation=https://docs.safing.io
|
|
Before=nss-lookup.target network.target shutdown.target
|
|
After=systemd-networkd.service
|
|
Conflicts=shutdown.target
|
|
Conflicts=firewalld.service
|
|
Wants=nss-lookup.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
Restart=on-failure
|
|
RestartSec=10
|
|
RestartPreventExitStatus=24
|
|
LockPersonality=yes
|
|
MemoryDenyWriteExecute=yes
|
|
MemoryLow=2G
|
|
NoNewPrivileges=yes
|
|
PrivateTmp=yes
|
|
PIDFile=/var/lib/portmaster/core-lock.pid
|
|
Environment=LOGLEVEL=info
|
|
Environment=PORTMASTER_ARGS=
|
|
EnvironmentFile=-/etc/default/portmaster
|
|
ProtectSystem=true
|
|
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
|
|
RestrictNamespaces=yes
|
|
ProtectHome=read-only
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelLogs=yes
|
|
ProtectControlGroups=yes
|
|
PrivateDevices=yes
|
|
AmbientCapabilities=cap_chown cap_kill cap_net_admin cap_net_bind_service cap_net_broadcast cap_net_raw cap_sys_module cap_sys_ptrace cap_dac_override cap_fowner cap_fsetid cap_sys_resource cap_bpf cap_perfmon
|
|
CapabilityBoundingSet=cap_chown cap_kill cap_net_admin cap_net_bind_service cap_net_broadcast cap_net_raw cap_sys_module cap_sys_ptrace cap_dac_override cap_fowner cap_fsetid cap_sys_resource cap_bpf cap_perfmon
|
|
StateDirectory=portmaster
|
|
# TODO(ppacher): add --disable-software-updates once it's merged and the release process changed.
|
|
WorkingDirectory=/var/lib/portmaster
|
|
ExecStart=/usr/lib/portmaster/portmaster-core --log-dir=/var/lib/portmaster/log -- $PORTMASTER_ARGS
|
|
ExecStopPost=-/usr/lib/portmaster/portmaster-core -recover-iptables
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|