summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-includes/lib/systemd/system/tails-unblock-network.service
blob: f9836e05757dc88872aaa73ba66bae1127a405c1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
[Unit]
Description=Unblock network device drivers
Documentation=https://tails.boum.org/contribute/design/MAC_address/

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/var/lib/gdm3/tails.network

# It's important we "export" the settings from tails.macspoof before
# unblocking the network; doing so will make the user-set MAC spoofing
# option apply (via the custom udev rule) when loading the modules for the
# previously blocked network devices.
ExecStartPre=/bin/sh -c \
    'for setting in macspoof network; do \
         /usr/bin/install -m 0640 -o root -g root \
         "/var/lib/gdm3/tails.$setting" \
         "/var/lib/live/config/tails.$setting" ; \
     done'
ExecStartPre=/bin/sync
ExecStartPre=/bin/sh -c \
    'if [ "${TAILS_NETCONF}" = "obstacle" ] ; then \
         . /usr/local/lib/tails-shell-library/tor.sh ; \
         tor_set_in_torrc "DisableNetwork" "1"       ; \
     fi'

# We sync to make sure the blacklist has disappeared from the
# filesystem
ExecStart=/bin/sh -c \
    'if [ "${TAILS_NETCONF}" != "disabled" ] ; then \
         /bin/rm -f /etc/modprobe.d/all-net-blacklist.conf ; \
         /bin/touch /etc/modprobe.d ; \
         /bin/sync ; \
     fi'