| 1234567891011121314151617181920212223242526272829 |
- # tor.service -- this systemd configuration file for Tor sets up a
- # relatively conservative, hardened Tor service. You may need to
- # edit it if you are making changes to your Tor configuration that it
- # does not allow. Package maintainers: this should be a starting point
- # for your tor.service; it is not the last point.
- [Unit]
- Description = Anonymizing overlay network for TCP
- After = syslog.target network.target nss-lookup.target
- [Service] Type = notify NotifyAccess = all ExecStartPre = @BINDIR@/tor
- -f @CONFDIR@/torrc --verify-config ExecStart = @BINDIR@/tor -f
- @CONFDIR@/torrc ExecReload = /bin/kill -HUP ${MAINPID} KillSignal =
- SIGINT TimeoutSec = 30 Restart = on-failure WatchdogSec = 1m
- LimitNOFILE = 32768
- # Hardening
- PrivateTmp = yes
- PrivateDevices = yes
- ProtectHome = yes
- ProtectSystem = full
- ReadOnlyDirectories = /
- ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor
- ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor
- NoNewPrivileges = yes
- CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
- [Install]
- WantedBy = multi-user.target
|
