[Unit]
Description=Intel(R) Architectural Enclave Service Manager 
After=syslog.target network.target auditd.service

[Service]
User=aesmd
Type=forking
Environment=NAME=aesm_service
Environment=AESM_PATH=@aesm_folder@
ExecStart=@aesm_folder@/aesm_service
InaccessibleDirectories=/home
ExecReload=/bin/kill -SIGUP $MAINPID
Restart=on-failure
RestartSec=15s
DevicePolicy=closed
DeviceAllow=/dev/isgx rw
[Install]
WantedBy=multi-user.target