summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-includes/lib/systemd/system/tails-additional-software-install.service
blob: 4f577098c12482b96381bd0bd3b695ac7f1531cf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
[Unit]
Description=Install Additional Software Packages
Documentation=https://tails.boum.org/contribute/design/persistence/
ConditionFileNotEmpty=/live/persistence/TailsData_unlocked/live-additional-software.conf

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/tails-additional-software install
ExecStartPost=/usr/bin/install -m 0644 -D /dev/null /run/live-additional-software/installed
TimeoutStartSec=infinity
PrivateDevices=yes
PrivateTmp=yes
# Capabilities needed by tails-additional-software
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
# Capabilities needed by apt/dpkg
CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID
CapabilityBoundingSet=CAP_SETGID CAP_SETUID
ProtectSystem=no
# Capabilities needed by tails-notify-user
CapabilityBoundingSet=CAP_SYS_PTRACE CAP_AUDIT_WRITE CAP_SYS_RESOURCE
ProtectHome=no