Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/mail-filter/dcc/files/dccifd.service
diff options
context:
space:
mode:
Diffstat (limited to 'mail-filter/dcc/files/dccifd.service')
-rw-r--r--mail-filter/dcc/files/dccifd.service34
1 files changed, 34 insertions, 0 deletions
diff --git a/mail-filter/dcc/files/dccifd.service b/mail-filter/dcc/files/dccifd.service
new file mode 100644
index 000000000000..4055a752f933
--- /dev/null
+++ b/mail-filter/dcc/files/dccifd.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=DCC (Distributed Checksum Clearinghouses) interface daemon
+
+[Service]
+Type=forking
+PermissionsStartOnly=true
+RuntimeDirectory=dcc
+ConfigurationDirectory=dcc
+LogsDirectory=dcc
+StateDirectory=dcc
+ExecStart=/usr/sbin/dccifd
+
+#DCC writes pid file with "-" at the beginning which confuses systemd
+#PIDFile=/run/dcc/dccifd.pid
+
+# Hardening
+ProtectSystem=strict
+PrivateDevices=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+RestrictRealtime=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectClock=true
+PrivateTmp=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+