|
|
@@ -6,7 +6,7 @@ After = syslog.target network.target nss-lookup.target
|
|
|
Type = notify
|
|
|
NotifyAccess = all
|
|
|
ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
|
|
|
-ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
|
|
|
+ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
|
|
|
ExecReload = /bin/kill -HUP ${MAINPID}
|
|
|
KillSignal = SIGINT
|
|
|
TimeoutSec = 30
|
|
|
@@ -22,8 +22,9 @@ ProtectSystem = full
|
|
|
ReadOnlyDirectories = /
|
|
|
ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor
|
|
|
ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor
|
|
|
-ReadWriteDirectories = -@LOCALSTATEDIR@/run/tor
|
|
|
NoNewPrivileges = yes
|
|
|
+ReadWriteDirectories = -@LOCALSTATEDIR@/run/tor
|
|
|
+CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
|
|
|
|
|
|
[Install]
|
|
|
WantedBy = multi-user.target
|
Nick Mathewson