# It is not recommended to modify this file in-place, because it will # be overwritten during package upgrades. If you want to add further # options or overwrite existing ones then use # $ systemctl edit dashd.service # See "man systemd.service" for details. # Note that almost all daemon options could be specified in # /etc/dash/dash.conf, except for those explicitly specified as arguments # in ExecStart= [Unit] Description=Dash daemon After=network.target [Service] ExecStart=/usr/bin/dashd -daemon \ -pid=/run/dashd/dashd.pid \ -conf=/etc/dash/dash.conf \ -datadir=/var/lib/dashd # Process management #################### Type=forking PIDFile=/run/dashd/dashd.pid Restart=on-failure TimeoutStopSec=600 # Directory creation and permissions #################################### # Run as dash:dash User=dashcore Group=dashcore # /run/dashd RuntimeDirectory=dashd RuntimeDirectoryMode=0710 # /etc/dash ConfigurationDirectory=dash ConfigurationDirectoryMode=0710 # /var/lib/dashd StateDirectory=dashd StateDirectoryMode=0710 # Hardening measures #################### # Provide a private /tmp and /var/tmp. PrivateTmp=true # Mount /usr, /boot/ and /etc read-only for the process. ProtectSystem=full # Disallow the process and all of its children to gain # new privileges through execve(). NoNewPrivileges=true # Use a new /dev namespace only populated with API pseudo devices # such as /dev/null, /dev/zero and /dev/random. PrivateDevices=true # Deny the creation of writable and executable memory mappings. MemoryDenyWriteExecute=true [Install] WantedBy=multi-user.target