ngircd

Free, portable and lightweight Internet Relay Chat server http://ngircd.barton.de/
Log | Files | Refs | README | LICENSE

commit f0532c98cd2fcd1443f8f80ed45772d56bf4cd9e
parent 9e0e955daf57b997792ca55a236498694ce634e2
Author: Alexander Barton <alex@barton.de>
Date:   Fri,  6 Jan 2017 00:34:51 +0100

Enhance systemd service file

- Add homepage :-)
- Remote CAP_SETUID and CAP_SETGID from CapabilityBoundingSet: This is
  nor needed, because the unit already sets User=irc and Group=irc.
- Add RestrictAddressFamilies, and restrict it to AF_INET and AF_INET6.
- Read in the Debian "default files", but note: only PARAMS is supported!

Diffstat:
Mcontrib/ngircd.service | 10+++++++---
1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/contrib/ngircd.service b/contrib/ngircd.service @@ -1,21 +1,25 @@ [Unit] Description=Next Generation IRC Daemon -Documentation=man:ngircd(8) man:ngircd.conf(5) +Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de After=network.target [Service] Type=forking User=irc Group=irc -CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE PrivateTmp=yes PrivateDevices=yes ProtectSystem=full ProtectHome=true NoNewPrivileges=true +RestrictAddressFamilies=AF_INET AF_INET6 RuntimeDirectory=ircd RuntimeDirectoryMode=750 -ExecStart=/usr/sbin/ngircd +EnvironmentFile=-/etc/default/ngircd +EnvironmentFile=-/etc/default/ngircd-full +EnvironmentFile=-/etc/default/ngircd-full-dbg +ExecStart=/usr/sbin/ngircd $PARAMS ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure