gentoo auto-resync : 29:11:2022 - 01:18:33

author: V3n3RiX <venerix@koprulu.sector> 2022-11-29 01:18:33 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2022-11-29 01:18:33 +0000
commit: 56767705335e747c2a8b3f3282e5c1a393352d54 (patch)
tree: db29fcdff8c7ce293aa55e7ba797c1242cd601c0 /mail-filter/dcc/files
parent: ee2ff072f141c81ba073dc664091d2780d4e74e0 (diff)
1 files changed, 34 insertions, 0 deletions
diff --git a/mail-filter/dcc/files/dccifd.service b/mail-filter/dcc/files/dccifd.service
new file mode 100644
index 000000000000..4055a752f933
--- /dev/null
+++ b/mail-filter/dcc/files/dccifd.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=DCC (Distributed Checksum Clearinghouses) interface daemon
+
+[Service]
+Type=forking
+PermissionsStartOnly=true
+RuntimeDirectory=dcc
+ConfigurationDirectory=dcc
+LogsDirectory=dcc
+StateDirectory=dcc
+ExecStart=/usr/sbin/dccifd
+
+#DCC writes pid file with "-" at the beginning which confuses systemd
+#PIDFile=/run/dcc/dccifd.pid
+
+# Hardening
+ProtectSystem=strict
+PrivateDevices=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+RestrictRealtime=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectClock=true
+PrivateTmp=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+
author	V3n3RiX <venerix@koprulu.sector>	2022-11-29 01:18:33 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2022-11-29 01:18:33 +0000
commit	56767705335e747c2a8b3f3282e5c1a393352d54 (patch)
tree	db29fcdff8c7ce293aa55e7ba797c1242cd601c0 /mail-filter/dcc/files
parent	ee2ff072f141c81ba073dc664091d2780d4e74e0 (diff)