| unbound_portable.service.in (361435) | unbound_portable.service.in (368693) |
|---|---|
| 1; This unit file is provided to run unbound as portable service. 2; https://systemd.io/PORTABLE_SERVICES/ 3; 4; To use this unit file, please make sure you either compile unbound with the 5; following options: 6; 7; - --with-chroot-dir="" 8; --- 24 unchanged lines hidden (view full) --- 33PrivateTmp=true 34ProtectHome=true 35ProtectControlGroups=true 36ProtectKernelModules=true 37ProtectSystem=strict 38RuntimeDirectory=unbound 39ConfigurationDirectory=unbound 40StateDirectory=unbound | 1; This unit file is provided to run unbound as portable service. 2; https://systemd.io/PORTABLE_SERVICES/ 3; 4; To use this unit file, please make sure you either compile unbound with the 5; following options: 6; 7; - --with-chroot-dir="" 8; --- 24 unchanged lines hidden (view full) --- 33PrivateTmp=true 34ProtectHome=true 35ProtectControlGroups=true 36ProtectKernelModules=true 37ProtectSystem=strict 38RuntimeDirectory=unbound 39ConfigurationDirectory=unbound 40StateDirectory=unbound |
| 41RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX | 41RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX |
| 42RestrictRealtime=true 43SystemCallArchitectures=native 44SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources 45RestrictNamespaces=yes 46LockPersonality=yes 47RestrictSUIDSGID=yes 48BindPaths=/run/systemd/notify 49BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout | 42RestrictRealtime=true 43SystemCallArchitectures=native 44SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources 45RestrictNamespaces=yes 46LockPersonality=yes 47RestrictSUIDSGID=yes 48BindPaths=/run/systemd/notify 49BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout |