[Unit] Description=Rotonda Documentation=man:rotonda(1) After=network.target [Service] ExecStart=/usr/bin/rotonda --config=/etc/rotonda/rotonda.conf Type=exec Restart=on-failure User=rotonda AmbientCapabilities=CAP_NET_BIND_SERVICE CapabilityBoundingSet=CAP_NET_BIND_SERVICE LockPersonality=yes #MemoryDenyWriteExecute=yes # new roto needs this disabled NoNewPrivileges=yes PrivateDevices=yes PrivateTmp=yes ProtectControlGroups=yes ProtectHome=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectSystem=strict ReadWritePaths=/var/lib/rotonda/ RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictNamespaces=yes RestrictRealtime=yes StateDirectory=rotonda SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service [Install] WantedBy=multi-user.target