File geoipupdate.service of Package geoipupdate
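[Unit]
Description=Update of GeoIP2/GeoLite2 databases
Documentation=man:geoipupdate(1) man:GeoIP.conf(5)

[Service]
# Runs the updater once per activation. With Type=oneshot the unit counts as
# started only after the process has exited.
Type=oneshot
ExecStart=/usr/bin/geoipupdate

# NOTE(review): no User=, Group= or DynamicUser= is set here, so as a system
# unit this runs as root. The settings below reduce what that root process can
# do; audit the result with `systemd-analyze security geoipupdate.service`.

# --- Privileges -------------------------------------------------------------
# Empty assignments give an empty capability bounding set and no ambient
# capabilities, so the process holds no Linux capabilities.
AmbientCapabilities=
CapabilityBoundingSet=
# Block privilege gain through execve() (setuid/setgid bits, file capabilities).
NoNewPrivileges=yes
# Deny creating setuid/setgid files.
RestrictSUIDSGID=yes
# Session keyring that is not linked to the user keyring.
KeyringMode=private
# User namespace with a minimal user/group mapping.
PrivateUsers=yes

# --- File system ------------------------------------------------------------
# The whole hierarchy is mounted read-only; ReadWritePaths= re-opens the one
# directory this unit needs to write to.
ProtectSystem=strict
ReadWritePaths=/var/lib/GeoIP
WorkingDirectory=/var/lib/GeoIP
# /home, /root and /run/user are inaccessible.
ProtectHome=yes
# Private /tmp and /var/tmp, and a /dev without physical devices.
PrivateTmp=yes
PrivateDevices=yes
# Mount propagation setting for the unit's mount namespace.
MountFlags=private

# --- Kernel interfaces ------------------------------------------------------
ProtectClock=yes
ProtectControlGroups=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictNamespaces=yes
RestrictRealtime=yes
# Keep the execution domain fixed and forbid writable+executable memory.
LockPersonality=yes
MemoryDenyWriteExecute=yes
# NOTE(review): per systemd.exec(5), RemoveIPC= only takes effect together
# with User=, Group= or DynamicUser=, none of which is set in this unit.
RemoveIPC=yes

# --- Network ----------------------------------------------------------------
# Allow-list of socket families: IPv4 and IPv6 only. AF_UNIX and AF_NETLINK
# are not allowed; confirm that name resolution on the target host does not
# depend on a local UNIX socket.
RestrictAddressFamilies=AF_INET AF_INET6

# --- System calls -----------------------------------------------------------
# Native ABI only, and an allow-list of syscall groups plus four individual
# calls. Without SystemCallErrorNumber=, a call outside the list terminates
# the process with SIGSYS, so re-test the unit after upgrading geoipupdate.
SystemCallArchitectures=native
SystemCallFilter=@basic-io @file-system @io-event @network-io @process @signal flock fsync madvise uname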