diff options
author | Max Kellermann <max@musicpd.org> | 2016-12-13 08:42:05 +0100 |
---|---|---|
committer | Max Kellermann <max@musicpd.org> | 2016-12-13 10:24:10 +0100 |
commit | 53e22b81ef026e873c992bca35e27b41580a0bf8 (patch) | |
tree | d9dc27f54eb0251d5929bd761b3e180c40cb9474 /systemd/system | |
parent | 3fc9d50adb9ed1586302ab47bf677f6e72ff7a88 (diff) |
systemd: add "system" sub directory
Diffstat (limited to 'systemd/system')
-rw-r--r-- | systemd/system/mpd.service.in | 26 | ||||
-rw-r--r-- | systemd/system/mpd.socket | 9 |
2 files changed, 35 insertions, 0 deletions
diff --git a/systemd/system/mpd.service.in b/systemd/system/mpd.service.in new file mode 100644 index 000000000..250ab521c --- /dev/null +++ b/systemd/system/mpd.service.in @@ -0,0 +1,26 @@ +[Unit] +Description=Music Player Daemon +After=network.target sound.target + +[Service] +ExecStart=@prefix@/bin/mpd --no-daemon + +# allow MPD to use real-time priority 50 +LimitRTPRIO=50 +LimitRTTIME=infinity + +# disallow writing to /usr, /bin, /sbin, ... +ProtectSystem=yes + +# more paranoid security settings +NoNewPrivileges=yes +ProtectKernelTunables=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +# AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh* +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK +RestrictNamespaces=yes + +[Install] +WantedBy=multi-user.target +Also=mpd.socket diff --git a/systemd/system/mpd.socket b/systemd/system/mpd.socket new file mode 100644 index 000000000..c4692592c --- /dev/null +++ b/systemd/system/mpd.socket @@ -0,0 +1,9 @@ +[Socket] +ListenStream=/run/mpd/socket +ListenStream=6600 +Backlog=5 +KeepAlive=true +PassCredentials=true + +[Install] +WantedBy=sockets.target |