As of policy version 4.5.0, init scripts are now completely optional.

I have attached the latest service file that we are using in FreedomBox. This 
one enables various systemd sandboxing features.

[Unit]
Description=collaborative text editor service
Documentation=man:infinoted(1)
After=network.target

[Service]
User=infinoted
Group=infinoted
ExecStart=/usr/bin/infinoted
ConfigurationDirectory=infinoted
ConfigurationDirectoryMode=0750
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=yes
StateDirectory=infinoted
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target

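An added example, not part of the original message or of the FreedomBox or infinoted packaging: a short Python audit that parses the [Service] section quoted above and reports which sandboxing directives it sets. The checklist (including four systemd.exec(5) options that do not appear in the unit) and the function names are assumptions made for this example.

```python
# UNIT is the [Service] section copied from the message above.
UNIT = """\
[Service]
User=infinoted
Group=infinoted
ExecStart=/usr/bin/infinoted
ConfigurationDirectory=infinoted
ConfigurationDirectoryMode=0750
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=yes
StateDirectory=infinoted
SystemCallArchitectures=native
"""

# Checklist chosen for this example (an assumption, not a complete list).
CHECKLIST = """LockPersonality NoNewPrivileges PrivateDevices PrivateMounts PrivateTmp
ProtectControlGroups ProtectHome ProtectKernelLogs ProtectKernelModules ProtectSystem
ProtectKernelTunables RestrictAddressFamilies RestrictRealtime SystemCallArchitectures
CapabilityBoundingSet MemoryDenyWriteExecute RestrictNamespaces SystemCallFilter""".split()

def parse_service(text):
    """Return {directive: value} for the [Service] section only."""
    section, found = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line and line[0] not in "#;":
            key, _, value = line.partition("=")
            found[key.strip()] = value.strip()
    return found

def audit(text):
    """Split CHECKLIST into directives the unit sets and ones it leaves unset."""
    svc = parse_service(text)
    return ({k: svc[k] for k in CHECKLIST if k in svc},
            [k for k in CHECKLIST if k not in svc])

if __name__ == "__main__":
    print("set: %s\nnot set: %s" % audit(UNIT))
```

On a host where the unit is installed, `systemd-analyze security` followed by the unit name reports the effective settings.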