summaryrefslogtreecommitdiff
blob: 8fcc6740ed918840164695e70fa82fb53aa41129 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
[Unit]
Description=The Onion Router

[Service]
ExecStartPre=/usr/bin/tor --verify-config -f /etc/tor/torrc
ExecStart=/usr/bin/tor --RunAsDaemon 0 -f /etc/tor/torrc
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
TimeoutStopSec=32
LimitNOFILE=30000

# Hardening options:
CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
PrivateTmp = yes
PrivateDevices = yes
ProtectHome = yes
ProtectSystem = full
NoNewPrivileges = yes

[Install]
WantedBy=multi-user.target