This unit is provided by:
Options
-
[Install]-
WantedBy=basic.target
-
-
[Service]-
AmbientCapabilities=
-
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER -
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_AUDIT_WRITE -
DeviceAllow=/dev/null rw -
DevicePolicy=closed -
DevicePolicy=strict -
ExecStart=/usr/bin/usbguard-daemon -P -k -c usbguard-daemon-conf -
ExecStart=/usr/bin/usbguard-daemon -f -s -c /etc/usbguard/usbguard-daemon.conf -
ExecStart=/usr/sbin/usbguard-daemon -f -s -c /etc/usbguard/usbguard-daemon.conf -
ExecStartPre=/usr/bin/usbguard-pre-start -
IPAddressDeny=any -
LockPersonalityIntroduced in systemd 235=yes -
MemoryDenyWriteExecuteIntroduced in systemd 231=yes -
NoNewPrivilegesIntroduced in systemd 239=yes -
PIDFile=/run/usbguard.pid -
PrivateDevicesIntroduced in systemd 209=yes -
PrivateTmp=yes -
ProtectControlGroupsIntroduced in systemd 232=yes -
ProtectHomeIntroduced in systemd 214=yes -
ProtectKernelModulesIntroduced in systemd 232=yes -
ProtectSystemIntroduced in systemd 214=yes -
ReadOnlyPaths=-/ -
ReadWritePaths=-/dev/shm -/tmp -
ReadWritePaths=-/dev/shm -/var/log/usbguard -/tmp -/etc/usbguard/ -/var/run -
Restart=on-failure -
RestrictAddressFamilies=AF_UNIX AF_NETLINK -
RestrictNamespacesIntroduced in systemd 233=yes -
RestrictRealtimeIntroduced in systemd 231=yes -
StateDirectory=usbguard usbguard/IPCAccessControl.d -
SystemCallArchitectures=native -
SystemCallFilter=@system-service -
Type=forking -
Type=simple -
UMask=0077
-
-
[Unit]-
Description=USBGuard daemon -
Documentation=man:usbguard-daemon(8) -
Wants=systemd-udevd.service -
Wants=systemd-udevd.service local-fs.target
-
Additionnal notes
Nothing here.