From 0ec00df24d857bbfa995c3c365ed43e4d9acb7bb Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Fri, 8 Jul 2016 00:44:50 +0200 Subject: added global anytun systemd targed, improved device file handling --- usr/lib/systemd/system/anytun-control@.service | 6 ++++-- usr/lib/systemd/system/anytun.service | 13 +++++++++++++ usr/lib/systemd/system/anytun@.service | 9 ++++++--- 3 files changed, 23 insertions(+), 5 deletions(-) create mode 100644 usr/lib/systemd/system/anytun.service (limited to 'usr/lib/systemd') diff --git a/usr/lib/systemd/system/anytun-control@.service b/usr/lib/systemd/system/anytun-control@.service index e8a2289..4a4fd5e 100644 --- a/usr/lib/systemd/system/anytun-control@.service +++ b/usr/lib/systemd/system/anytun-control@.service @@ -1,7 +1,9 @@ [Unit] -Description=secure anycast tunneling config daemon -After=syslog.target network.target +Description=secure anycast tunneling config daemon for %i +PartOf=anytun.service +ReloadPropagatedFrom=anytun.service Requires=anytun@%i.service +Documentation=man:anytun-controld(8) [Service] Type=simple diff --git a/usr/lib/systemd/system/anytun.service b/usr/lib/systemd/system/anytun.service new file mode 100644 index 0000000..46386f4 --- /dev/null +++ b/usr/lib/systemd/system/anytun.service @@ -0,0 +1,13 @@ +[Unit] +Description=Anytun Service +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/bin/true +ExecReload=/bin/true +WorkingDirectory=/etc/anytun + +[Install] +WantedBy=multi-user.target diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service index 70fbd17..4b09163 100644 --- a/usr/lib/systemd/system/anytun@.service +++ b/usr/lib/systemd/system/anytun@.service @@ -1,6 +1,8 @@ [Unit] -Description=secure anycast tunneling daemon -After=syslog.target network.target +Description=secure anycast tunneling daemon for %i +PartOf=anytun.service +ReloadPropagatedFrom=anytun.service +Documentation=man:anytun(8) [Service] Type=simple @@ -9,9 +11,10 @@ Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3 --username anytun" ExecStart=/usr/local/lib/anytun-launcher vpn Restart=on-failure PrivateTmp=yes -PrivateDevices=yes ProtectSystem=full ProtectHome=yes +DeviceAllow=/dev/net/tun rw +DevicePolicy=closed [Install] WantedBy=multi-user.target -- cgit v1.2.3