blob: 97bda54ac2a1eaab85360ef9e5f12bae14b118ae (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
[Unit]
Description=Random seed load/save
Documentation=man:random-seed(8) man:random(4)
DefaultDependencies=no
RequiresMountsFor=@default_seed_path_dir@
Conflicts=shutdown.target
After=systemd-remount-fs.service
Before=sysinit.target shutdown.target
ConditionVirtualization=!container
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=@sbindir@/random-seed load
ExecStop=@sbindir@/random-seed save
CapabilityBoundingSet=CAP_SYS_ADMIN
NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
LockPersonality=yes
TemporaryFileSystem=/:ro
BindPaths=@default_seed_path_dir@
TimeoutSec=30s
[Install]
WantedBy=sysinit.target
|