|
|
- [Unit]
- Description=Anbox Container Manager
- Wants=lxc.service
- After=lxc.service
-
- [Service]
- ExecStart=/usr/bin/anbox container-manager --daemon --data-path=/var/lib/anbox
-
- # anbox-container-manager crashes
- #PrivateUsers=true
- #PrivateDevices=true
-
- PrivateTmp=true
-
- # Android applications do not launch
- #ProtectHome=true
- #LockPersonality=true
-
- # anbox-container-manager crashes
- #ProtectSystem=strict
- #ProtectControlGroups=yes
-
- ProtectKernelTunables=true
- ProtectKernelModules=yes
-
- WorkingDirectory=/var/lib/anbox
- NoNewPrivileges=true
- #MemoryDenyWriteExecute=true
- #RestrictRealtime=true
-
- # anbox-session-manager crashes
- #CapabilityBoundingSet=CAP_SYS_ADMIN
-
- #RestrictAddressFamilies=AF_INET AF_INET6
-
- [Install]
- WantedBy=multi-user.target
|
