]>
Commit | Line | Data |
---|---|---|
e0f824e9 PD |
1 | [Unit] |
2 | Description=PowerDNS Authoritative Server | |
adcdfb5f | 3 | Documentation=man:pdns_server(1) man:pdns_control(1) |
6988eae9 | 4 | Documentation=https://doc.powerdns.com |
bf194c7c | 5 | Wants=network-online.target |
e861c4d8 | 6 | After=network-online.target mysqld.service postgresql.service slapd.service mariadb.service |
e0f824e9 PD |
7 | |
8 | [Service] | |
b18fa400 | 9 | ExecStart=@sbindir@/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no |
8f4f86b1 | 10 | Type=notify |
77738678 | 11 | Restart=on-failure |
d327ddf1 KM |
12 | RestartSec=1 |
13 | StartLimitInterval=0 | |
8f4f86b1 RG |
14 | |
15 | # Sandboxing | |
970f340d | 16 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT |
8f4f86b1 RG |
17 | LockPersonality=true |
18 | ProtectControlGroups=true | |
19 | ProtectHome=true | |
20 | ProtectKernelModules=true | |
21 | ProtectKernelTunables=true | |
c50b1f54 PL |
22 | # ProtectSystem=full will disallow write access to /etc and /usr, possibly |
23 | # not being able to write slaved-zones into sqlite3 or zonefiles. | |
90544d2f | 24 | ProtectSystem=full |
90544d2f | 25 | RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 |
8f4f86b1 RG |
26 | RestrictNamespaces=true |
27 | RestrictRealtime=true | |
a3dfb540 RG |
28 | SystemCallArchitectures=native |
29 | SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete | |
e0f824e9 PD |
30 | |
31 | [Install] | |
32 | WantedBy=multi-user.target |