authorCoprDistGit <infra@openeuler.org>2024-08-16 22:05:20 +0000
committerCoprDistGit <infra@openeuler.org>2024-08-16 22:05:20 +0000
commit71ef4b2e33e682ead93afc90409e5e55e0f83fab (patch)
treea0e3b8c2f40011eeb98851744e8689513d4d1e2e /freerouter-p4emu.service
parent7c925059f0d92d7f6f2400c8102e5ccec1f1bffb (diff)
automatic import of freerouter
Diffstat (limited to 'freerouter-p4emu.service')
-rw-r--r--freerouter-p4emu.service34
1 files changed, 34 insertions, 0 deletions
diff --git a/freerouter-p4emu.service b/freerouter-p4emu.service
new file mode 100644
index 0000000..647f60d
--- /dev/null
+++ b/freerouter-p4emu.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=p4emu specific process of freerouter
+Requires=freerouter.service freerouter-native@cpu_port.service network.target
+After=freerouter.service freerouter-native@cpu_port.service network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/p4emu.bin 127.0.0.1 9080 2 eth1 eth2 veth250
+Restart=always
+RestartSec=5
+WorkingDirectory=/var/lib/freerouter
+User=freerouter
+Group=freerouter
+CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_IPC_LOCK
+AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_IPC_LOCK
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/var/lib/freerouter /etc/freerouter
+PrivateTmp=true
+# PrivateDevices is not possible because some types need access to a physical device.
+PrivateDevices=false
+PrivateNetwork=false
+# Private Users clears all capabilities.
+PrivateUsers=false
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictNamespaces=true
+LockPersonality=true
+RemoveIPC=true
+
+[Install]
+WantedBy=multi-user.target
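Review bot: `ReadWritePaths=/var/lib/freerouter /etc/freerouter` in the [Service] section re-opens the configuration directory for writing under `ProtectSystem=strict`, for a process that keeps CAP_NET_ADMIN and CAP_NET_RAW as ambient capabilities. The ExecStart line passes only an address, a port and interface names, so nothing visible here shows p4emu writing configuration; if it does not, narrow this to `ReadWritePaths=/var/lib/freerouter` and add `ReadOnlyPaths=/etc/freerouter`, so that a compromised dataplane process cannot alter files that freerouter presumably reads from that directory. It is also worth confirming that this unit needs CAP_IPC_LOCK, and considering `RestrictAddressFamilies=` (limited to the families p4emu actually opens) and `SystemCallArchitectures=native`, which the hardening block omits.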