systemd.service: Add required attributes

author Aki Tuomi <aki.tuomi@dovecot.fi>

Thu, 18 Aug 2016 10:37:28 +0000 (13:37 +0300)

committer GitLab <gitlab@git.dovecot.net>

Fri, 19 Aug 2016 09:13:36 +0000 (12:13 +0300)
author Aki Tuomi <aki.tuomi@dovecot.fi>
Thu, 18 Aug 2016 10:37:28 +0000 (13:37 +0300)
committer GitLab <gitlab@git.dovecot.net>
Fri, 19 Aug 2016 09:13:36 +0000 (12:13 +0300)
diff --git a/dovecot.service.in b/dovecot.service.in

index 96ed5d62f919aef2c5192dc3030b5a5f5e819897..60fc38640a61574939aa8d55ecc1cd11ca2eb20e 100644 (file)
--- a/dovecot.service.in
+++ b/dovecot.service.in
@@ -24,14 +24,18 @@ After=local-fs.target network.target
  
  [Service]
  Type=forking
+ExecStartPre=-@libexecdir@/dovecot/prestartscript
  ExecStart=@sbindir@/dovecot
  PIDFile=@rundir@/master.pid
  ExecReload=@bindir@/doveadm reload
  ExecStop=@bindir@/doveadm stop
+ExecStopPost=-@libexecdir@/dovecot/poststopscript
  PrivateTmp=true
  NonBlocking=yes
-# Enable this if your systemd is new enough to support it:
-#ProtectSystem=full
+ProtectSystem=full
+PrivateDevices=true
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_KILL CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE
  
  [Install]
  WantedBy=multi-user.target
author	Aki Tuomi <aki.tuomi@dovecot.fi>
	Thu, 18 Aug 2016 10:37:28 +0000 (13:37 +0300)
committer	GitLab <gitlab@git.dovecot.net>
	Fri, 19 Aug 2016 09:13:36 +0000 (12:13 +0300)