projects / thirdparty / pdns.git / blame
| Commit | Line | Data |
|---|---|---|
| e0f824e9 PD |
1 | [Unit] |
| 2 | Description=PowerDNS Authoritative Server | |
| adcdfb5f | 3 | Documentation=man:pdns_server(1) man:pdns_control(1) |
| 6988eae9 | 4 | Documentation=https://doc.powerdns.com |
| bf194c7c | 5 | Wants=network-online.target |
| e861c4d8 | 6 | After=network-online.target mysqld.service postgresql.service slapd.service mariadb.service |
| e0f824e9 PD |
7 | |
| 8 | [Service] | |
| b18fa400 | 9 | ExecStart=@sbindir@/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no |
| 8f4f86b1 | 10 | Type=notify |
| 77738678 | 11 | Restart=on-failure |
| d327ddf1 KM |
12 | RestartSec=1 |
| 13 | StartLimitInterval=0 | |
| 8f4f86b1 RG |
14 | |
| 15 | # Sandboxing | |
| 970f340d | 16 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT |
| 8f4f86b1 RG |
17 | LockPersonality=true |
| 18 | ProtectControlGroups=true | |
| 19 | ProtectHome=true | |
| 20 | ProtectKernelModules=true | |
| 21 | ProtectKernelTunables=true | |
| c50b1f54 PL |
22 | # ProtectSystem=full will disallow write access to /etc and /usr, possibly |
| 23 | # not being able to write slaved-zones into sqlite3 or zonefiles. | |
| 90544d2f | 24 | ProtectSystem=full |
| 90544d2f | 25 | RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 |
| 8f4f86b1 RG |
26 | RestrictNamespaces=true |
| 27 | RestrictRealtime=true | |
| a3dfb540 RG |
28 | SystemCallArchitectures=native |
| 29 | SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete | |
| e0f824e9 PD |
30 | |
| 31 | [Install] | |
| 32 | WantedBy=multi-user.target |