authoralarig <alarig@swordarmor.fr>2020-03-13 12:06:48 +0100
committeralarig <alarig@swordarmor.fr>2020-03-13 13:16:00 +0100
commit306074bb6b298fbf0a3988372f7f10795b973faf (patch)
treea15b712fe0fe0f3ddf06a5987051c844b10dbe70 /net-misc/FORT-validator/files/fort.service
parentdev-python/black: EAPI bump (diff)
net-misc/FORT-validator: RPKI validator (new ebuild)
Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr>
Diffstat (limited to 'net-misc/FORT-validator/files/fort.service')
-rw-r--r--net-misc/FORT-validator/files/fort.service35
1 files changed, 35 insertions, 0 deletions
diff --git a/net-misc/FORT-validator/files/fort.service b/net-misc/FORT-validator/files/fort.service
new file mode 100644
index 00000000..4f24f8d1
--- /dev/null
+++ b/net-misc/FORT-validator/files/fort.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=FORT RPKI validator
+Documentation=man:fort(8)
+Documentation=https://nicmx.github.io/FORT-validator/
+
+[Service]
+ExecStart=/usr/bin/fort --configuration-file /etc/fort/config.json
+Type=simple
+User=fort
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+CacheDirectory=fort
+ReadWritePaths=/var/lib/fort/
+ConfigurationDirectory=fort
+ConfigurationDirectory=tals
+StateDirectory=fort
+NoNewPrivileges=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target
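Review bot: The second `ConfigurationDirectory=tals` line names a directory relative to /etc, so as written the unit refers to `/etc/tals`, not a directory beside `/etc/fort/config.json`. If the trust anchor locators are meant to live under the FORT configuration directory (not visible in this file, so please confirm against the ebuild and config.json), a single `ConfigurationDirectory=fort fort/tals` would express that and avoid systemd creating a stray top-level directory in /etc. `ReadWritePaths=/var/lib/fort/` looks redundant, since `StateDirectory=fort` already makes that path writable under `ProtectSystem=strict`; dropping it keeps the list of writable paths to what the directory directives declare. A short comment above `AmbientCapabilities=CAP_NET_BIND_SERVICE` saying which listener needs a privileged port (presumably the RTR server) would tell a later reader when the capability can be removed.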