pdns/pdns.service.in

   1 [Unit]
   2 Description=PowerDNS Authoritative Server
   3 Documentation=man:pdns_server(1) man:pdns_control(1)
   4 Documentation=https://doc.powerdns.com
   5 Wants=network-online.target
   6 After=network-online.target mysqld.service postgresql.service slapd.service mariadb.service
   7
   8 [Service]
   9 ExecStart=@sbindir@/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
  10 Type=notify
  11 Restart=on-failure
  12 RestartSec=1
  13 StartLimitInterval=0
  14
  15 # Sandboxing
  16 CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT
  17 LockPersonality=true
  18 ProtectControlGroups=true
  19 ProtectHome=true
  20 ProtectKernelModules=true
  21 ProtectKernelTunables=true
  22 # ProtectSystem=full will disallow write access to /etc and /usr, possibly
  23 # not being able to write slaved-zones into sqlite3 or zonefiles.
  24 ProtectSystem=full
  25 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
  26 RestrictNamespaces=true
  27 RestrictRealtime=true
  28 SystemCallArchitectures=native
  29 SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete
  30
  31 [Install]
  32 WantedBy=multi-user.target