34 lines
943 B
SYSTEMD
34 lines
943 B
SYSTEMD
|
[Unit]
|
||
|
|
Description=Entropy Daemon based on the HAVEGE algorithm
|
||
|
|
Documentation=man:haveged(8) http://www.issihosts.com/haveged/
|
||
|
|
DefaultDependencies=no
|
||
|
|
After=apparmor.service systemd-tmpfiles-setup.service systemd-tmpfiles-setup-dev.service
|
||
|
|
Before=sysinit.target shutdown.target
|
||
|
|
|
||
|
|
[Service]
|
||
|
|
EnvironmentFile=-/etc/default/haveged
|
||
|
|
ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARGS
|
||
|
|
Restart=always
|
||
|
|
SuccessExitStatus=137 143
|
||
|
|
SecureBits=noroot-locked
|
||
|
|
CapabilityBoundingSet=CAP_SYS_ADMIN
|
||
|
|
PrivateTmp=true
|
||
|
|
PrivateDevices=true
|
||
|
|
PrivateNetwork=true
|
||
|
|
ProtectSystem=full
|
||
|
|
ProtectHome=true
|
||
|
|
ProtectHostname=true
|
||
|
|
ProtectKernelLogs=true
|
||
|
|
ProtectKernelModules=true
|
||
|
|
RestrictNamespaces=true
|
||
|
|
RestrictRealtime=true
|
||
|
|
|
||
|
|
LockPersonality=true
|
||
|
|
MemoryDenyWriteExecute=true
|
||
|
|
SystemCallArchitectures=native
|
||
|
|
SystemCallFilter=@basic-io @file-system @io-event @network-io @signal
|
||
|
|
SystemCallFilter=arch_prctl brk ioctl mprotect sysinfo
|
||
|
|
|
||
|
|
[Install]
|
||
|
|
WantedBy=sysinit.target
|