File nikau-server@.service of Package nikau
[Unit]
# Template unit: the instance name (%i) is used in [Service] as the directory
# name under /run/user/, so it is presumably a numeric user ID - confirm
# against how the package instantiates this unit.
Description=nikau KVM server
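[Service]
Type=simple

# Filesystem and kernel-surface sandboxing.
ProtectSystem=strict
ProtectHome=read-only
ProtectClock=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
# Listed once; the original unit repeated this directive with the same value.
RestrictNamespaces=yes
LockPersonality=yes
# PrivateTmp breaks the clipboard
PrivateTmp=no
RestrictRealtime=yes
RestrictSUIDSGID=yes
MemoryDenyWriteExecute=yes

# System calls outside the @system-service set fail with EPERM.
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM

# Device access: read-only on input character devices, read/write on uinput.
DeviceAllow=char-input r
DeviceAllow=/dev/uinput rw

# Default options; values from the EnvironmentFile below override them.
Environment=NIKAU_SERVER_OPTS="--shortcut leftalt,n"
# Optional per-instance overrides (leading "-" means a missing file is ignored).
# /run/user/<uid> is normally writable by that user, so treat the contents of
# this file as untrusted input to the service.
# NOTE(review): no User= is set in this unit, so as a system unit it runs as
# root - confirm whether a dedicated account with access to the devices above
# would be sufficient.
EnvironmentFile=-/run/user/%i/nikau_server_environment
# Run the binary directly instead of through "sh -c". With the shell wrapper
# the variable's value was parsed as shell syntax, so anyone able to write the
# environment file could have the service run arbitrary commands. The unbraced
# $VAR form makes systemd split the value on whitespace into separate
# arguments, with no shell involved.
# NOTE(review): the file can still set any nikau option; check that no option
# is unsafe when chosen by the instance user.
ExecStart=/usr/bin/nikau server $NIKAU_SERVER_OPTS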