| Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 1 | [Unit] |
| 2 | Description=Hardware RNG Entropy Gatherer Daemon |
| Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 3 | DefaultDependencies=no |
| Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 4 | Conflicts=shutdown.target |
| Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame^] | 5 | Before=sysinit.target shutdown.target |
| 6 | ConditionVirtualization=!container |
| Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 7 | |
| 8 | [Service] |
| Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame] | 9 | EnvironmentFile=-@SYSCONFDIR@/default/rng-tools |
| 10 | ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS |
| Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 11 | CapabilityBoundingSet=CAP_SYS_ADMIN |
| 12 | IPAddressDeny=any |
| 13 | LockPersonality=yes |
| 14 | MemoryDenyWriteExecute=yes |
| 15 | NoNewPrivileges=yes |
| 16 | PrivateTmp=yes |
| 17 | ProtectControlGroups=yes |
| 18 | ProtectHome=yes |
| 19 | ProtectHostname=yes |
| 20 | ProtectKernelModules=yes |
| 21 | ProtectKernelLogs=yes |
| 22 | ProtectSystem=strict |
| 23 | RestrictAddressFamilies=AF_UNIX |
| 24 | RestrictNamespaces=yes |
| 25 | RestrictRealtime=yes |
| 26 | RestrictSUIDSGID=yes |
| 27 | SystemCallArchitectures=native |
| 28 | SystemCallErrorNumber=EPERM |
| 29 | SystemCallFilter=@system-service |
| Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 30 | |
| 31 | [Install] |
| Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 32 | WantedBy=sysinit.target |