- haveged can be run as an application if also running as a daemon (Closes: #998382). Signed-off-by: Daniel Baumann <daniel@debian.org>
parent
10d5974907
commit
363454abff
54 changed files with 6554 additions and 5557 deletions
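--- /dev/null
+++ b/contrib/Fedora/haveged-once.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=Entropy Daemon based on the HAVEGE algorithm
+Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --once --Foreground
+SuccessExitStatus=137 143
+
+SecureBits=noroot-locked
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
+# We can *not* set PrivateTmp=true as it can cause an ordering cycle.
+PrivateTmp=false
+PrivateDevices=true
+# We can *not* set PrivateNetwork=true to allow command mode (chroot when included in initramfs)
+#PrivateNetwork=true
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+RestrictNamespaces=true
+RestrictRealtime=true
+
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@mount
+SystemCallErrorNumber=EPERM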
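Review bot: `CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT` keeps CAP_SYS_CHROOT while `SystemCallFilter=~@mount` denies chroot(2), which systemd places in the @mount group, so the capability cannot be exercised in this unit and only widens the bounding set. For a oneshot `--once --Foreground` run, the command-mode chroot mentioned in the PrivateNetwork comment does not appear to apply, so `CapabilityBoundingSet=CAP_SYS_ADMIN` looks sufficient; if chroot really is needed here, the syscall filter has to allow it explicitly instead. CAP_SYS_ADMIN is the broadest capability, so a comment above that line stating why it is required (presumably for crediting entropy to the kernel pool; confirm against the haveged source) would help later audits. The unit also does not set `NoNewPrivileges=true`, which is worth adding explicitly because the service keeps CAP_SYS_ADMIN.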