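# pdns/recursordist/pdns-recursor.service.in
# systemd unit template for the PowerDNS Recursor. The @...@ tokens are
# placeholders; the .in suffix suggests they are filled in at build time.
# Line-number gutter cells from the web listing have been removed so that each
# line is a valid unit-file directive; the directives themselves are unchanged.
# After editing the sandboxing block, `systemd-analyze security <unit>` (where
# the installed systemd provides it) gives a quick view of the remaining exposure.

[Unit]
Description=PowerDNS Recursor
Documentation=man:pdns_recursor(1) man:rec_control(1)
Documentation=https://doc.powerdns.com
# Pull in and wait for a configured network, and order this resolver before
# nss-lookup.target so units that need name resolution start after it.
Wants=network-online.target nss-lookup.target
Before=nss-lookup.target
After=network-online.target

[Service]
# Stay in the foreground and leave PID tracking, syslog and timestamps off;
# systemd supervises the process and collects its output.
ExecStart=@sbindir@/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no
# Account the daemon runs as from the start. The capabilities it still needs
# are granted explicitly in the sandboxing block below.
User=@service_user@
Group=@service_group@
# The daemon reports readiness to systemd itself (sd_notify protocol).
Type=notify
Restart=on-failure
# 0 disables start rate limiting, so a crash loop is restarted indefinitely;
# repeated restarts should be picked up by monitoring rather than by systemd.
# NOTE(review): newer systemd documents this setting as StartLimitIntervalSec=
# in [Unit]; the spelling here is the older, still accepted form.
StartLimitInterval=0

# Tuning
# Maximum number of open file descriptors for the process.
LimitNOFILE=16384

# Sandboxing
# Capabilities: the bounding set caps what the process can ever hold, and the
# ambient set hands those capabilities to the non-root User= at exec time.
# CAP_NET_BIND_SERVICE permits binding ports below 1024 (DNS uses port 53).
# CAP_CHOWN permits changing ownership of any file the process can reach.
# NOTE(review): this file does not say why CAP_CHOWN is needed - confirm and
# drop it from both lines if the daemon works without it.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
# Forbid changing the kernel execution domain (personality).
LockPersonality=true
# The process and its children cannot gain privileges through execve()
# (setuid/setgid bits, file capabilities).
NoNewPrivileges=true
# Private /dev containing only pseudo-devices; no access to physical devices.
PrivateDevices=true
# Private /tmp and /var/tmp, not shared with other services.
PrivateTmp=true
# Control group hierarchy is read-only.
ProtectControlGroups=true
# /home, /root and /run/user are inaccessible.
ProtectHome=true
# Kernel modules cannot be loaded or unloaded.
ProtectKernelModules=true
# Kernel tunables under /proc and /sys are read-only.
ProtectKernelTunables=true
# /usr, the boot loader directories and /etc are read-only. Other paths such
# as /var stay writable. NOTE(review): ProtectSystem=strict is tighter but
# needs explicit ReadWritePaths= for whatever the daemon writes - test first.
ProtectSystem=full
# Only UNIX-domain, IPv4 and IPv6 sockets may be created.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# No new namespaces may be created.
RestrictNamespaces=true
# Realtime scheduling policies are refused.
RestrictRealtime=true
# Only system calls of the native ABI are permitted.
SystemCallArchitectures=native
# The leading ~ makes this a deny list: the listed groups are blocked and every
# other system call stays allowed. NOTE(review): an allow list (for example
# @system-service on systemd versions that have it) is stricter but must be
# validated against the daemon's real syscall usage before it is adopted.
SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete

[Install]
WantedBy=multi-user.target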