mirror of https://github.com/BOINC/boinc.git
38 lines
1.1 KiB
SYSTEMD
38 lines
1.1 KiB
SYSTEMD
[Unit]
|
|
Description=Berkeley Open Infrastructure Network Computing Client
|
|
Documentation=man:boinc(1)
|
|
After=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
ProtectHome=true
|
|
ProtectSystem=strict
|
|
ProtectControlGroups=true
|
|
ReadWritePaths=-/var/lib/boinc -/etc/boinc-client
|
|
Nice=10
|
|
User=boinc
|
|
WorkingDirectory=/var/lib/boinc
|
|
ExecStart=@exec_prefix@/bin/boinc
|
|
ExecStop=@exec_prefix@/bin/boinccmd --quit
|
|
ExecReload=@exec_prefix@/bin/boinccmd --read_cc_config
|
|
ExecStopPost=/bin/rm -f lockfile
|
|
IOSchedulingClass=idle
|
|
# The following options prevent setuid root as they imply NoNewPrivileges=true
|
|
# Since Atlas requires setuid root, they break Atlas
|
|
# In order to improve security, if you're not using Atlas,
|
|
# Add these options to the [Service] section of an override file using
|
|
# sudo systemctl edit boinc-client.service
|
|
#NoNewPrivileges=true
|
|
#ProtectKernelModules=true
|
|
#ProtectKernelTunables=true
|
|
#RestrictRealtime=true
|
|
#RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
|
#RestrictNamespaces=true
|
|
#PrivateUsers=true
|
|
#CapabilityBoundingSet=
|
|
#MemoryDenyWriteExecute=true
|
|
#PrivateTmp=true #Block X11 idle detection
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|