Wolfgang Frisch
5158594da1
- Remove * PrivateDevices=true * ProtectHostname=true * ProtectClock=true * ProtectKernelTunables=true * ProtectKernelModules=true * ProtectKernelLogs=true * RestrictRealtime=true settings from service file as they imply NNP, which doesn't work with the sudo setup sshuttle uses (bsc#1212949) OBS-URL: https://build.opensuse.org/request/show/1096698 OBS-URL: https://build.opensuse.org/package/show/security/sshuttle?expand=0&rev=37
21 lines
582 B
Desktop File
21 lines
582 B
Desktop File
[Unit]
|
|
Description=Simple VPN connection with sshuttle
|
|
After=network-online.target firewalld.service
|
|
Documentation=man:sshuttle
|
|
|
|
[Service]
|
|
# added automatically, for details please see
|
|
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
ProtectSystem=full
|
|
ProtectHome=read-only
|
|
ProtectControlGroups=true
|
|
# end of automatic additions
|
|
Type=simple
|
|
EnvironmentFile=/etc/sysconfig/sshuttle
|
|
User=sshuttle
|
|
ExecStart=/usr/bin/sshuttle $SSHUTTLE_OPTS --remote ${VPN_USER}@${VPN_SERVER} ${NETWORK_TO_ACCESS}
|
|
Restart=on-failure
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|