mirror of
https://github.com/yggdrasil-network/yggdrasil-go.git
synced 2024-12-03 15:05:25 +00:00
Systemd: tun module and capabilities
- Enable (and limit to) capabilities that require to setup tun/tap interface. - Ensure that tun module is active.
This commit is contained in:
parent
6ddb0f93f3
commit
045a24d74e
@ -8,6 +8,8 @@ Group=yggdrasil
|
|||||||
ProtectHome=true
|
ProtectHome=true
|
||||||
ProtectSystem=true
|
ProtectSystem=true
|
||||||
SyslogIdentifier=yggdrasil
|
SyslogIdentifier=yggdrasil
|
||||||
|
CapabilityBoundSet=CAP_NET_ADMIN
|
||||||
|
ExecStartPre=+/sbin/modprobe tun
|
||||||
ExecStartPre=/bin/sh -ec "if ! test -s /etc/yggdrasil.conf; \
|
ExecStartPre=/bin/sh -ec "if ! test -s /etc/yggdrasil.conf; \
|
||||||
then umask 077; \
|
then umask 077; \
|
||||||
yggdrasil -genconf > /etc/yggdrasil.conf; \
|
yggdrasil -genconf > /etc/yggdrasil.conf; \
|
||||||
|
Loading…
Reference in New Issue
Block a user