| 1234567891011121314151617181920212223242526272829 |
- [Unit]
- Description = Anonymizing overlay network for TCP
- After = syslog.target network.target nss-lookup.target
- [Service]
- Type = simple
- ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
- # A torrc that has "RunAsDaemon 1" won't work with the "simple" service type;
- # let's explicitly override it.
- ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc --RunAsDaemon 0
- ExecReload = /bin/kill -HUP ${MAINPID}
- KillSignal = SIGINT
- TimeoutSec = 30
- Restart = on-failure
- LimitNOFILE = 32768
- # Hardening
- PrivateTmp = yes
- DeviceAllow = /dev/null rw
- DeviceAllow = /dev/urandom r
- InaccessibleDirectories = /home
- ReadOnlyDirectories = /
- ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
- ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
- ReadWriteDirectories = @LOCALSTATEDIR@/run/tor
- NoNewPrivileges = yes
- [Install]
- WantedBy = multi-user.target
|
