From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Thu, 18 Aug 2016 10:37:28 +0000 (+0300)
Subject: systemd.service: Add required attributes
X-Git-Tag: 2.3.0.rc1~3121
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=563c1e3b45bbb69bc67b75ff7a899699bea18e88;p=thirdparty%2Fdovecot%2Fcore.git

systemd.service: Add required attributes
---

diff --git a/dovecot.service.in b/dovecot.service.in
index 96ed5d62f9..60fc38640a 100644
--- a/dovecot.service.in
+++ b/dovecot.service.in
@@ -24,14 +24,18 @@ After=local-fs.target network.target
 
 [Service]
 Type=forking
+ExecStartPre=-@libexecdir@/dovecot/prestartscript
 ExecStart=@sbindir@/dovecot
 PIDFile=@rundir@/master.pid
 ExecReload=@bindir@/doveadm reload
 ExecStop=@bindir@/doveadm stop
+ExecStopPost=-@libexecdir@/dovecot/poststopscript
 PrivateTmp=true
 NonBlocking=yes
-# Enable this if your systemd is new enough to support it:
-#ProtectSystem=full
+ProtectSystem=full
+PrivateDevices=true
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_KILL CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE
 
 [Install]
 WantedBy=multi-user.target