Last active
July 17, 2018 20:16
-
-
Save bellflower2015/52891f8d95d568156bde2263982fbbf9 to your computer and use it in GitHub Desktop.
/etc/systemd/system/wavid.service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# /etc/systemd/system/wavid.service | |
# usage: | |
# systemctl daemon-reload | |
# systemctl enable wavid | |
# systemctl start wavid | |
# | |
[Unit] | |
Description=Wavi daemon | |
After=network.target | |
[Service] | |
Environment=MALLOC_ARENA_MAX=1 | |
ExecStart=/usr/local/bin/wavid -conf=/root/.wavicore/wavi.conf -pid=/run/wavid/wavid.pid -disablewallet | |
ExecStop=/usr/local/bin/wavi-cli stop | |
RuntimeDirectory=wavid | |
User=root | |
Type=forking | |
PIDFile=/run/wavid/wavid.pid | |
Restart=on-failure | |
# Hardening measures | |
#################### | |
# Provide a private /tmp and /var/tmp. | |
PrivateTmp=true | |
# Mount /usr, /boot/ and /etc read-only for the process. | |
ProtectSystem=full | |
# Disallow the process and all of its children to gain | |
# new privileges through execve(). | |
NoNewPrivileges=true | |
# Use a new /dev namespace only populated with API pseudo devices | |
# such as /dev/null, /dev/zero and /dev/random. | |
PrivateDevices=true | |
# Deny the creation of writable and executable memory mappings. | |
MemoryDenyWriteExecute=true | |
[Install] | |
WantedBy=multi-user.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment