added global anytun systemd targed, improved device file handling

author: Christian Pointner <equinox@anytun.org> 2016-07-08 00:44:50 +0200
committer: Christian Pointner <equinox@anytun.org> 2016-07-08 00:44:50 +0200
commit: 0ec00df24d857bbfa995c3c365ed43e4d9acb7bb (patch)
tree: dd6f662efed90714a83e3560744fd03b68a04be5 /usr/lib/systemd/system/anytun@.service
parent: actually install anytun-launcher into lib dir (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service
index 70fbd17..4b09163 100644
--- a/usr/lib/systemd/system/anytun@.service
+++ b/usr/lib/systemd/system/anytun@.service
@@ -1,6 +1,8 @@
 [Unit]
-Description=secure anycast tunneling daemon
-After=syslog.target network.target
+Description=secure anycast tunneling daemon for %i
+PartOf=anytun.service
+ReloadPropagatedFrom=anytun.service
+Documentation=man:anytun(8)
 
 [Service]
 Type=simple
@@ -9,9 +11,10 @@ Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3 --username anytun"
 ExecStart=/usr/local/lib/anytun-launcher vpn
 Restart=on-failure
 PrivateTmp=yes
-PrivateDevices=yes
 ProtectSystem=full
 ProtectHome=yes
+DeviceAllow=/dev/net/tun rw
+DevicePolicy=closed
 
 [Install]
 WantedBy=multi-user.target
author	Christian Pointner <equinox@anytun.org>	2016-07-08 00:44:50 +0200
committer	Christian Pointner <equinox@anytun.org>	2016-07-08 00:44:50 +0200
commit	0ec00df24d857bbfa995c3c365ed43e4d9acb7bb (patch)
tree	dd6f662efed90714a83e3560744fd03b68a04be5 /usr/lib/systemd/system/anytun@.service
parent	actually install anytun-launcher into lib dir (diff)