diff options
author | Christian Pointner <equinox@anytun.org> | 2016-07-08 00:44:50 +0200 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2016-07-08 00:44:50 +0200 |
commit | 0ec00df24d857bbfa995c3c365ed43e4d9acb7bb (patch) | |
tree | dd6f662efed90714a83e3560744fd03b68a04be5 /usr/lib/systemd/system/anytun@.service | |
parent | actually install anytun-launcher into lib dir (diff) |
added global anytun systemd targed, improved device file handling
Diffstat (limited to 'usr/lib/systemd/system/anytun@.service')
-rw-r--r-- | usr/lib/systemd/system/anytun@.service | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service index 70fbd17..4b09163 100644 --- a/usr/lib/systemd/system/anytun@.service +++ b/usr/lib/systemd/system/anytun@.service @@ -1,6 +1,8 @@ [Unit] -Description=secure anycast tunneling daemon -After=syslog.target network.target +Description=secure anycast tunneling daemon for %i +PartOf=anytun.service +ReloadPropagatedFrom=anytun.service +Documentation=man:anytun(8) [Service] Type=simple @@ -9,9 +11,10 @@ Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3 --username anytun" ExecStart=/usr/local/lib/anytun-launcher vpn Restart=on-failure PrivateTmp=yes -PrivateDevices=yes ProtectSystem=full ProtectHome=yes +DeviceAllow=/dev/net/tun rw +DevicePolicy=closed [Install] WantedBy=multi-user.target |