add LogDir, ProtectSystem=yes and capabilities to bind ports
This commit is contained in:
lod
parent
70772806c8
commit
a42bb63039
1 changed files with 3 additions and 2 deletions
|
|
@ -8,11 +8,12 @@ Type=forking
|
||||||
ExecStart=/usr/bin/ncam -b
|
ExecStart=/usr/bin/ncam -b
|
||||||
User=ncam
|
User=ncam
|
||||||
ConfigurationDirectory=ncam
|
ConfigurationDirectory=ncam
|
||||||
|
LogsDirectory=ncam
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
ProtectSystem=strict
|
ProtectSystem=yes
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
ReadWritePaths=-/var/lib/ncam
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue