| 1234567891011121314151617181920212223242526272829 | # tor.service -- this systemd configuration file for Tor sets up a# relatively conservative, hardened Tor service.  You may need to# edit it if you are making changes to your Tor configuration that it# does not allow.  Package maintainers: this should be a starting point# for your tor.service; it is not the last point.[Unit]Description = Anonymizing overlay network for TCPAfter = syslog.target network.target nss-lookup.target[Service] Type = notify NotifyAccess = all ExecStartPre = @BINDIR@/tor-f @CONFDIR@/torrc --verify-config ExecStart = @BINDIR@/tor -f@CONFDIR@/torrc ExecReload = /bin/kill -HUP ${MAINPID} KillSignal =SIGINT TimeoutSec = 30 Restart = on-failure WatchdogSec = 1mLimitNOFILE = 32768# HardeningPrivateTmp = yesPrivateDevices = yesProtectHome = yesProtectSystem = fullReadOnlyDirectories = /ReadWriteDirectories = -@LOCALSTATEDIR@/lib/torReadWriteDirectories = -@LOCALSTATEDIR@/log/torNoNewPrivileges = yesCapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE[Install]WantedBy = multi-user.target
 |