net-dns/knot: enhance systemd service security

Suggested-by: hexumg <hexumg@gmail.com> Bug: https://bugs.gentoo.org/606644
author: Pierre-Olivier Mercier <nemunaire@nemunai.re> 2017-08-16 13:37:28 +0200
committer: Michał Górny <mgorny@gentoo.org> 2017-08-22 11:07:01 +0200
commit: 91cdae70f2fa6322ff9b38336b24312bdd3c3810 (patch)
tree: 78c074ebd0153c7d5dfde1eced5e7535dd68d0fe /net-dns/knot/files
parent: net-dns/knot: Add dependency to dev-python/lmdb (diff)
download: gentoo-91cdae70f2fa6322ff9b38336b24312bdd3c3810.tar.gz
gentoo-91cdae70f2fa6322ff9b38336b24312bdd3c3810.tar.bz2
gentoo-91cdae70f2fa6322ff9b38336b24312bdd3c3810.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/net-dns/knot/files/knot-1.service b/net-dns/knot/files/knot-1.service
new file mode 100644
index 000000000000..14a34a2b211f
--- /dev/null
+++ b/net-dns/knot/files/knot-1.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Knot high-performance DNS Server
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/knotd
+ExecReload=/usr/sbin/knotc reload
+ExecStop=/usr/sbin/knotc stop
+PrivateTmp=true
+User=knot
+Group=knot
+RuntimeDirectory=knot
+RuntimeDirectoryMode=750
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
author	Pierre-Olivier Mercier <nemunaire@nemunai.re>	2017-08-16 13:37:28 +0200
committer	Michał Górny <mgorny@gentoo.org>	2017-08-22 11:07:01 +0200
commit	91cdae70f2fa6322ff9b38336b24312bdd3c3810 (patch)
tree	78c074ebd0153c7d5dfde1eced5e7535dd68d0fe /net-dns/knot/files
parent	net-dns/knot: Add dependency to dev-python/lmdb (diff)
download	gentoo-91cdae70f2fa6322ff9b38336b24312bdd3c3810.tar.gz gentoo-91cdae70f2fa6322ff9b38336b24312bdd3c3810.tar.bz2 gentoo-91cdae70f2fa6322ff9b38336b24312bdd3c3810.zip