summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support/rng-tools/rng-tools/rng-tools.service')
-rw-r--r--meta/recipes-support/rng-tools/rng-tools/rng-tools.service32
1 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
new file mode 100644
index 0000000000..5ae2fba215
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
@@ -0,0 +1,32 @@
1[Unit]
2Description=Hardware RNG Entropy Gatherer Daemon
3DefaultDependencies=no
4Conflicts=shutdown.target
5Before=sysinit.target shutdown.target
6ConditionVirtualization=!container
7
8[Service]
9EnvironmentFile=-@SYSCONFDIR@/default/rng-tools
10ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS
11CapabilityBoundingSet=CAP_SYS_ADMIN
12IPAddressDeny=any
13LockPersonality=yes
14MemoryDenyWriteExecute=yes
15NoNewPrivileges=yes
16PrivateTmp=yes
17ProtectControlGroups=yes
18ProtectHome=yes
19ProtectHostname=yes
20ProtectKernelModules=yes
21ProtectKernelLogs=yes
22ProtectSystem=strict
23RestrictAddressFamilies=AF_UNIX
24RestrictNamespaces=yes
25RestrictRealtime=yes
26RestrictSUIDSGID=yes
27SystemCallArchitectures=native
28SystemCallErrorNumber=EPERM
29SystemCallFilter=@system-service
30
31[Install]
32WantedBy=sysinit.target
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-09 06:06:35 +0000