Package: cachefilesd
Version: 0.10.10-0.3
Severity: wishlist
Dear Maintainer,
the cachefilesd upstream package includes a systemd .service file, it'd be nice
if it could be installed and used by the Debian package as well.
Even nicer would be to use a modernized/sandboxed version of the .service file
(see attachment, I've forwarded it to the upstream maintainer as well).
Cheers,
David
PS
Might also be helpful to add a "Homepage:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/cachefilesd.git/";
header to the debian/control file?
[Unit]
Description=Local network file caching management daemon
Documentation=man:cachefilesd(8) man:cachefilesd.conf(5)
ConditionFileNotEmpty=/etc/cachefilesd.conf
ConditionPathIsDirectory=/var/cache/fscache
Wants=modprobe@cachefiles.service
After=modprobe@cachefiles.service
Before=remote-fs.target
[Service]
Type=simple
ProtectSystem=strict
ReadWritePaths=/var/cache/fscache
ProtectHome=tmpfs
PrivateTmp=yes
PrivateDevices=no
DeviceAllow=/dev/cachefiles
DevicePolicy=closed
PrivateNetwork=yes
PrivateIPC=yes
PrivateUsers=no
ProtectHostname=yes
ProtectClock=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
RestrictAddressFamilies=none
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
PrivateMounts=yes
SystemCallFilter=@basic-io @file-system @io-event @setuid @signal @sync
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETGID CAP_SYS_ADMIN CAP_DAC_OVERRIDE
RuntimeDirectory=cachefilesd
ExecStart=/sbin/cachefilesd -n -p /run/cachefilesd/cachefilesd.pid
[Install]
WantedBy=multi-user.target
