yggdrasil-network/yggdrasil-go
1
0
Fork 0
mirror of https://github.com/yggdrasil-network/yggdrasil-go.git synced 2025-11-04 03:05:07 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Systemd: tun module and capabilities

Browse source 
- Enable (and limit to) capabilities that require to setup tun/tap interface.
- Ensure that tun module is active.
This commit is contained in:
Arano-kai 2019-10-02 00:36:33 +03:00
parent 6ddb0f93f3
commit 045a24d74e
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
contrib/systemd/yggdrasil.service
View file

@ -8,6 +8,8 @@ Group=yggdrasil
ProtectHome=true ProtectHome=true
ProtectSystem=true ProtectSystem=true
SyslogIdentifier=yggdrasil SyslogIdentifier=yggdrasil
CapabilityBoundSet=CAP_NET_ADMIN
ExecStartPre=+/sbin/modprobe tun
ExecStartPre=/bin/sh -ec "if ! test -s /etc/yggdrasil.conf; \ ExecStartPre=/bin/sh -ec "if ! test -s /etc/yggdrasil.conf; \
then umask 077; \ then umask 077; \
yggdrasil -genconf > /etc/yggdrasil.conf; \ yggdrasil -genconf > /etc/yggdrasil.conf; \