Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # This file is part of systemd.
- #
- # systemd is free software; you can redistribute it and/or modify it
- # under the terms of the GNU Lesser General Public License as published by
- # the Free Software Foundation; either version 2.1 of the License, or
- # (at your option) any later version.
- [Unit]
- Description=nspawn container sniproxy
- Documentation=man:systemd-nspawn(1)
- PartOf=machines.target
- Before=machines.target
- After=network.target
- [Service]
- ExecStart=/usr/bin/systemd-nspawn \
- --quiet \
- --keep-unit \
- --boot \
- --link-journal=try-guest \
- --network-veth -U \
- --settings=override \
- --machine=sniproxy \
- --port=80 \
- --port=443
- KillMode=mixed
- Type=notify
- RestartForceExitStatus=133
- SuccessExitStatus=133
- Slice=machine.slice
- Delegate=yes
- TasksMax=16384
- # Enforce a strict device policy, similar to the one nspawn configures
- # when it allocates its own scope unit. Make sure to keep these
- # policies in sync if you change them!
- DevicePolicy=closed
- DeviceAllow=/dev/net/tun rwm
- DeviceAllow=char-pts rw
- # nspawn itself needs access to /dev/loop-control and /dev/loop, to
- # implement the --image= option. Add these here, too.
- DeviceAllow=/dev/loop-control rw
- DeviceAllow=block-loop rw
- DeviceAllow=block-blkext rw
- [Install]
- WantedBy=machines.target
Add Comment
Please, Sign In to add comment
