From 0ec00df24d857bbfa995c3c365ed43e4d9acb7bb Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@anytun.org>
Date: Fri, 8 Jul 2016 00:44:50 +0200
Subject: added global anytun systemd targed, improved device file handling

---
 usr/lib/systemd/system/anytun@.service | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'usr/lib/systemd/system/anytun@.service')

diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service
index 70fbd17..4b09163 100644
--- a/usr/lib/systemd/system/anytun@.service
+++ b/usr/lib/systemd/system/anytun@.service
@@ -1,6 +1,8 @@
 [Unit]
-Description=secure anycast tunneling daemon
-After=syslog.target network.target
+Description=secure anycast tunneling daemon for %i
+PartOf=anytun.service
+ReloadPropagatedFrom=anytun.service
+Documentation=man:anytun(8)
 
 [Service]
 Type=simple
@@ -9,9 +11,10 @@ Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3 --username anytun"
 ExecStart=/usr/local/lib/anytun-launcher vpn
 Restart=on-failure
 PrivateTmp=yes
-PrivateDevices=yes
 ProtectSystem=full
 ProtectHome=yes
+DeviceAllow=/dev/net/tun rw
+DevicePolicy=closed
 
 [Install]
 WantedBy=multi-user.target
-- 
cgit v1.2.3