author | David Sommerseth <davids@redhat.com> | 2014-09-18 10:57:53 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2014-09-18 12:38:22 +0200 |
commit | 8a4566ce4f01a434ac9ea841eae74330368398a0 (patch) | |
tree | b510499d4863f2bed4438ce29a1939219407be8e /distro | |
parent | 9048d50b0a27a724ad088dc4904eb4888b0bca87 (diff) | |
Add systemd unit file for OpenVPN
This is to encourage all Linux distributions to use a unified systemd
unit file.
This unit file also tries to reduce the capabilities of the running
openvpn process.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1411030936-16309-1-git-send-email-openvpn.list@topphemmelig.net
URL: http://article.gmane.org/gmane.network.openvpn.devel/9043
Diffstat (limited to 'distro')
-rw-r--r-- | distro/systemd/openvpn@.service | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/distro/systemd/openvpn@.service b/distro/systemd/openvpn@.service new file mode 100644 index 0000000..7cd36c3 --- /dev/null +++ b/distro/systemd/openvpn@.service @@ -0,0 +1,19 @@ +[Unit] +Description=OpenVPN tunnel for %I +After=syslog.target network.target +Documentation=man:openvpn(8) +Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage +Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO + +[Service] +PrivateTmp=true +Type=forking +PIDFile=/var/run/openvpn/%i.pid +ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH +LimitNPROC=10 +DeviceAllow=/dev/null rw +DeviceAllow=/dev/net/tun rw + +[Install] +WantedBy=multi-user.target |
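Review bot: the CapabilityBoundingSet= line in [Service] lists eight capabilities with no comment saying which OpenVPN feature needs each one, which makes it hard for a distribution to judge whether the set can be narrowed further. CAP_DAC_READ_SEARCH stands out, since it lets the process bypass file read and directory search permission checks; please either document why it is required or drop it. A short comment above the line mapping, for example, CAP_SETUID/CAP_SETGID and CAP_SYS_CHROOT to the privilege-dropping and chroot options would be enough. Separately, PIDFile= and --writepid both point into /var/run/openvpn/, but nothing in this unit creates that directory, so on systems where /var/run is a tmpfs the start will fail unless something else provides it; shipping a tmpfiles.d entry next to the unit would close that gap. Also note that LimitNPROC=10 is an RLIMIT_NPROC limit, which is counted per user ID rather than per service instance, so several openvpn@ instances running under the same unprivileged user share the same budget of 10.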