Hello All. I'm trying to write a systemd service for epmd (Erlang Port Mapper Daemon, if someone is curious). Its only purpose is to open TCP port 4369 at 0.0.0.0 and act as a simple messaging (very simple actually) bus between Erlang nodes. I'd like to run it w/o anything and under the most restricted system account. So far I'm using this service:
================
[Unit]
Description=Erlang Port Mapper Daemon
After=network.target

[Service]
User=nobody
Group=nobody
Type=simple
PrivateTmp=true
NoNewPrivileges=true
ExecStart=/usr/bin/epmd
ExecStop=/usr/bin/epmd -kill

[Install]
WantedBy=multi-user.target
================

Could someone propose something to restrict it further? It really doesn't need fs access, no exec, no /dev/* access, etc. - just open a socket and send/receive messages. Any advice will be very appreciated.

--
With best regards, Peter Lemenkov.
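A hardened variant of the unit above, as an added example that is not part of the original post and not a unit shipped by Erlang or systemd: it maps the stated requirements (no filesystem writes, no device access, sockets only) onto systemd sandboxing directives. It assumes a systemd release recent enough to know every directive used, and that epmd needs only IP sockets plus the syslog socket; both assumptions need checking against the installed build.

```ini
# Added example: hardened variant of the epmd unit from the post above.
# Assumption: every directive below is supported by the installed systemd.
[Unit]
Description=Erlang Port Mapper Daemon
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/epmd
ExecStop=/usr/bin/epmd -kill

# Identity: a transient unprivileged UID/GID instead of the shared
# "nobody" account. Port 4369 is unprivileged, so no capability is needed.
DynamicUser=true
NoNewPrivileges=true
CapabilityBoundingSet=
AmbientCapabilities=
UMask=0077

# Filesystem and devices: read-only view of the OS, no home directories,
# private /tmp, and a minimal /dev without physical devices.
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ProtectProc=invisible

# Kernel interfaces the daemon has no reason to touch.
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectClock=true
ProtectHostname=true

# Network: IP sockets only. AF_UNIX is kept on the assumption that the
# daemon may log through the syslog socket; drop it if that is not the case.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

# Process and system call restrictions.
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
LockPersonality=true
MemoryDenyWriteExecute=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
```

The [Install] section is unchanged from the original unit. Running `systemd-analyze security epmd.service` against the loaded unit lists which exposures remain.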
