contrib/unbound/contrib/unbound.service.in

   1 [Unit]
   2 Description=Validating, recursive, and caching DNS resolver
   3 Documentation=man:unbound(8)
   4
   5 [Install]
   6 WantedBy=multi-user.target
   7
   8 [Service]
   9 ExecReload=/bin/kill -HUP $MAINPID
  10 ExecStart=@UNBOUND_SBIN_DIR@/unbound
  11 NotifyAccess=main
  12 Type=notify
  13 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
  14 MemoryDenyWriteExecute=true
  15 NoNewPrivileges=true
  16 PrivateDevices=true
  17 PrivateTmp=true
  18 ProtectHome=true
  19 ProtectControlGroups=true
  20 ProtectKernelModules=true
  21 ProtectKernelTunables=true
  22 ProtectSystem=strict
  23 ReadWritePaths=@UNBOUND_SYSCONF_DIR@ @UNBOUND_LOCALSTATE_DIR@ /run @UNBOUND_RUN_DIR@
  24 RestrictAddressFamilies=AF_INET AF_UNIX
  25 RestrictRealtime=true
  26 SystemCallArchitectures=native
  27 SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources
  28