Systemd: tun module and capabilities

- Enable (and limit to) the capabilities that are required to set up the tun/tap interface.
- Ensure that tun module is active.
Arano-kai 2019-10-02 00:36:33 +03:00
parent 6ddb0f93f3
commit 045a24d74e


@ -8,6 +8,8 @@ Group=yggdrasil
ProtectHome=true ProtectHome=true
ProtectSystem=true ProtectSystem=true
SyslogIdentifier=yggdrasil SyslogIdentifier=yggdrasil
CapabilityBoundSet=CAP_NET_ADMIN
ExecStartPre=+/sbin/modprobe tun
ExecStartPre=/bin/sh -ec "if ! test -s /etc/yggdrasil.conf; \ ExecStartPre=/bin/sh -ec "if ! test -s /etc/yggdrasil.conf; \
then umask 077; \ then umask 077; \
yggdrasil -genconf > /etc/yggdrasil.conf; \ yggdrasil -genconf > /etc/yggdrasil.conf; \
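Review bot: `CapabilityBoundSet=CAP_NET_ADMIN` is not a directive systemd recognises; the setting is spelled `CapabilityBoundingSet=`, and an unknown key in `[Service]` is logged and ignored, so the capability limit this commit intends is not applied as written. The line should read `CapabilityBoundingSet=CAP_NET_ADMIN`. The hunk header shows `Group=yggdrasil`, so the unit presumably also sets a non-root `User=` (not visible here); if it does, the bounding set only caps what the process may hold and grants nothing, and `AmbientCapabilities=CAP_NET_ADMIN` would also be needed for the daemon to create the tun/tap device. The `ExecStartPre=/bin/sh` command continues past the end of the hunk.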