File nextcloud-spreed-signaling.service.in of Package nextcloud-spreed-signaling

# Unit template: tokens of the form @@NAME@@ are presumably substituted by the
# packaging/build step before installation (the file name ends in ".in");
# confirm against the package spec.
[Unit]
Description=Nextcloud Talk signaling @@SERVICE_NAME@@

[Service]
# %E expands to the configuration directory root (/etc for system units), so
# the config file is read from below ConfigurationDirectory= further down.
ExecStart=@@INSTALL_PATH@@/@@BIN_NAME@@ --config %E/@@CONFIG_DIR@@/@@SERVICE_NAME@@.conf
# Combined with DynamicUser=yes below: if a statically allocated user of this
# name already exists, systemd uses it and allocates no dynamic user.
User=@@SERVICE_USER@@
Restart=on-failure

# Creates the directory below /etc if it is missing and exports its path as
# $CONFIGURATION_DIRECTORY. Unlike State/Cache/Logs/RuntimeDirectory=,
# systemd does NOT change its ownership to the service user (see
# systemd.exec(5)), so the .conf file must be readable by that user some other
# way. NOTE(review): the config contents are not shown here; if it holds
# secrets, confirm its mode and group instead of making it world-readable.
ConfigurationDirectory=@@CONFIG_DIR@@

# Hardening - see systemd.exec(5)
# DynamicUser=yes already implies the other five settings in this group; they
# are spelled out so they still apply when a static user is used instead.
# Check the effective exposure with "systemd-analyze security <unit>".
DynamicUser=yes
NoNewPrivileges=yes
PrivateTmp=yes
# The file system is mounted read-only for the service; no StateDirectory= or
# ReadWritePaths= is declared in this unit.
ProtectSystem=strict
RemoveIPC=yes
RestrictSUIDSGID=yes

# Empty bounding set: the process holds no capabilities, so by default it
# cannot bind ports below 1024 (that would need CAP_NET_BIND_SERVICE).
# NOTE(review): the listen address comes from the config file - confirm.
CapabilityBoundingSet=
# Allow-list for NoExecPaths=/ below: only the service binary and the library
# directories may be executed or mapped executable.
ExecPaths=@@INSTALL_PATH@@/@@BIN_NAME@@ /lib /lib64 /usr/lib /usr/lib64
LockPersonality=yes
# Refuses memory mappings that are writable and executable at the same time.
MemoryDenyWriteExecute=yes
NoExecPaths=/
PrivateDevices=yes
PrivateUsers=yes
# ProcSubset=pid and ProtectProc=invisible (below) restrict /proc to the
# per-process entries and hide processes owned by other users.
ProcSubset=pid
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
# Only IPv4, IPv6 and unix-domain sockets can be created.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallArchitectures=native
# Order matters: the first line makes this an allow-list (@system-service),
# the second ("~") removes the @privileged group from it. Keep the allow-list
# first; a leading "~" line would turn the whole filter into a deny-list.
SystemCallFilter=@system-service
SystemCallFilter=~ @privileged

# When enabled, the unit is pulled in by the normal multi-user boot target.
[Install]
WantedBy=multi-user.target