forked from ~ljy/RK356X_SDK_RELEASE

blame | history | raw
hc
2023-05-26 a23f51ed7a39e452c1037343a84d7db1ca2c5bd7 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

[Unit]


Description=Hardware RNG Entropy Gatherer Daemon


DefaultDependencies=no


After=systemd-udev-settle.service


Before=sysinit.target shutdown.target


Wants=systemd-udev-settle.service


Conflicts=shutdown.target


 


[Service]


EnvironmentFile=-@SYSCONFDIR@/default/rng-tools


ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS


CapabilityBoundingSet=CAP_SYS_ADMIN


IPAddressDeny=any


LockPersonality=yes


MemoryDenyWriteExecute=yes


NoNewPrivileges=yes


PrivateTmp=yes


ProtectControlGroups=yes


ProtectHome=yes


ProtectHostname=yes


ProtectKernelModules=yes


ProtectKernelLogs=yes


ProtectSystem=strict


RestrictAddressFamilies=AF_UNIX


RestrictNamespaces=yes


RestrictRealtime=yes


RestrictSUIDSGID=yes


SystemCallArchitectures=native


SystemCallErrorNumber=EPERM


SystemCallFilter=@system-service


 


[Install]


WantedBy=sysinit.target