add LogDir, ProtectSystem=yes and capabilities to bind ports
This commit is contained in:
lod
parent
70772806c8
commit
a42bb63039
1 changed files with 3 additions and 2 deletions
|
|
@ -8,11 +8,12 @@ Type=forking
|
|||
ExecStart=/usr/bin/ncam -b
|
||||
User=ncam
|
||||
ConfigurationDirectory=ncam
|
||||
LogsDirectory=ncam
|
||||
PrivateTmp=yes
|
||||
ProtectHome=yes
|
||||
ProtectSystem=strict
|
||||
ProtectSystem=yes
|
||||
NoNewPrivileges=yes
|
||||
ReadWritePaths=-/var/lib/ncam
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
Loading…
Reference in a new issue