[systemd-devel] Newbie systemd-related question - how to run a service w/o anything but network?
Peter Lemenkov
lemenkov at gmail.com
Thu Jul 26 03:09:21 PDT 2012
Hello All.
I'm trying to write a systemd service for epmd (Erlang Port Mapper
Daemon, if someone is curious). Its only purpose is to open TCP port
4369 at 0.0.0.0 and act as a simple (very simple, actually) messaging
bus between Erlang nodes. I'd like to run it w/o anything and under the
most restricted system account. So far I'm using this service:
================
[Unit]
Description=Erlang Port Mapper Daemon
After=network.target
[Service]
User=nobody
Group=nobody
Type=simple
PrivateTmp=true
NoNewPrivileges=true
ExecStart=/usr/bin/epmd
ExecStop=/usr/bin/epmd -kill
[Install]
WantedBy=multi-user.target
================
Could someone suggest something to restrict it further? It really
doesn't need fs access, no exec, no /dev/* access, etc. - just open a
socket and send/receive messages. Any advice will be much
appreciated.
--
With best regards, Peter Lemenkov.
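
The requirements listed in the message (no filesystem access, no /dev/* access, sockets only) map onto sandboxing directives in current systemd releases. The drop-in below is an added example, not part of the original post or of any epmd package; the drop-in path is hypothetical, and most of these directives are newer than this 2012 thread, so check them against the installed systemd version.

```ini
# /etc/systemd/system/epmd.service.d/hardening.conf  (hypothetical drop-in path)
# Extends the unit from the message; User=, Group=, PrivateTmp= and
# NoNewPrivileges= stay as they are in the main unit file.
[Service]
# Filesystem: whole hierarchy mounted read-only, home directories hidden.
ProtectSystem=strict
ProtectHome=true

# /dev: private instance with only pseudo-devices (null, zero, random, ...).
PrivateDevices=true

# Sockets: IPv4/IPv6 for port 4369. AF_UNIX is kept on the assumption that
# the daemon logs through the syslog socket; remove it if that is not the case.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

# Privileges: empty capability bounding set (port 4369 is unprivileged,
# so no CAP_NET_BIND_SERVICE is needed).
CapabilityBoundingSet=
RestrictSUIDSGID=true

# Kernel interfaces the daemon has no reason to touch.
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictNamespaces=true
RestrictRealtime=true
LockPersonality=true

# Assumption: epmd is a plain C binary that never maps memory as both
# writable and executable. Remove this line if the service fails to start.
MemoryDenyWriteExecute=true

# Syscalls: systemd's predefined allow-list for ordinary services,
# native ABI only.
SystemCallFilter=@system-service
SystemCallArchitectures=native
```

After `systemctl daemon-reload` and a restart, `systemd-analyze security epmd.service` (available in newer systemd releases) reports which exposure remains.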