From 39e07e62f471cbf40503cdc1926da6fef0cc0a3e Mon Sep 17 00:00:00 2001
From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
Date: Wed, 15 Aug 2018 13:18:17 -0400
Subject: Source cleanups.

---
 systemd/random-seed-save.service.in | 16 ++++++++++++++++
 systemd/random-seed-save.timer      | 11 +++++++++++
 systemd/random-seed.service.in      | 28 ++++++++++++++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 systemd/random-seed-save.service.in
 create mode 100644 systemd/random-seed-save.timer
 create mode 100644 systemd/random-seed.service.in

(limited to 'systemd')

diff --git a/systemd/random-seed-save.service.in b/systemd/random-seed-save.service.in
new file mode 100644
index 0000000..e70192b
--- /dev/null
+++ b/systemd/random-seed-save.service.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=Random seed save
+RequiresMountsFor=@default_seed_path_dir@
+After=systemd-remount-fs.service
+
+[Service]
+ExecStart=@sbindir@/random-seed save
+CapabilityBoundingSet=
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+LockPersonality=yes
+TemporaryFileSystem=/:ro
+BindPaths=@default_seed_path_dir@
diff --git a/systemd/random-seed-save.timer b/systemd/random-seed-save.timer
new file mode 100644
index 0000000..f39227d
--- /dev/null
+++ b/systemd/random-seed-save.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Random seed save timer
+ConditionVirtualization=!container
+
+[Timer]
+OnActiveSec=3h
+OnUnitInactiveSec=3h
+AccuracySec=2h
+
+[Install]
+WantedBy=timers.target
diff --git a/systemd/random-seed.service.in b/systemd/random-seed.service.in
new file mode 100644
index 0000000..97bda54
--- /dev/null
+++ b/systemd/random-seed.service.in
@@ -0,0 +1,28 @@
+[Unit]
+Description=Random seed load/save
+Documentation=man:random-seed(8) man:random(4)
+DefaultDependencies=no
+RequiresMountsFor=@default_seed_path_dir@
+Conflicts=shutdown.target
+After=systemd-remount-fs.service
+Before=sysinit.target shutdown.target
+ConditionVirtualization=!container
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=@sbindir@/random-seed load
+ExecStop=@sbindir@/random-seed save
+CapabilityBoundingSet=CAP_SYS_ADMIN
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+LockPersonality=yes
+TemporaryFileSystem=/:ro
+BindPaths=@default_seed_path_dir@
+TimeoutSec=30s
+
+[Install]
+WantedBy=sysinit.target
-- 
cgit v1.2.3-70-g09d2