[Unit]
Description=Anbox Container Manager
Wants=lxc.service
After=lxc.service

[Service]
ExecStart=/usr/bin/anbox container-manager --daemon --data-path=/var/lib/anbox

# anbox-container-manager crashes
#PrivateUsers=true
#PrivateDevices=true

PrivateTmp=true

# Android applications do not launch
#ProtectHome=true
#LockPersonality=true

# anbox-container-manager crashes
#ProtectSystem=strict
#ProtectControlGroups=yes

ProtectKernelTunables=true
ProtectKernelModules=yes

WorkingDirectory=/var/lib/anbox
NoNewPrivileges=true
#MemoryDenyWriteExecute=true
#RestrictRealtime=true

# anbox-session-manager crashes
#CapabilityBoundingSet=CAP_SYS_ADMIN

#RestrictAddressFamilies=AF_INET AF_INET6

[Install]
WantedBy=multi-user.target