fix: add CAP_SETGID to gigi-standalone bounding set
[gigi.git] / debian / gigi-standalone.service
1 [Unit]
2 Description=Gigi Webserver module for ET, stand-alone
3 Wants=postgresql@9.4-main.service
4 After=postgresql@9.4-main.service
5 Conflicts=gigi-proxy.service
6
7 [Service]
8 ExecStart=/usr/bin/java -cp /usr/share/java/postgresql-jdbc4.jar:/usr/share/java/gigi.jar org.cacert.gigi.Launcher /etc/cacert/gigi/conf.tar
9 CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID
10 WorkingDirectory=/var/lib/cacert-gigi
11 PrivateTmp=yes
12 PrivateDevices=yes
13 ProtectSystem=full
14 ProtectHome=yes