|
|
[Unit]
|
|
|
Description=Anbox Container Manager
|
|
|
Wants=lxc.service
|
|
|
After=lxc.service
|
|
|
|
|
|
[Service]
|
|
|
ExecStart=/usr/bin/anbox container-manager --daemon --data-path=/var/lib/anbox
|
|
|
|
|
|
# anbox-container-manager crashes
|
|
|
#PrivateUsers=true
|
|
|
#PrivateDevices=true
|
|
|
|
|
|
PrivateTmp=true
|
|
|
|
|
|
# Android applications do not launch
|
|
|
#ProtectHome=true
|
|
|
#LockPersonality=true
|
|
|
|
|
|
# anbox-container-manager crashes
|
|
|
#ProtectSystem=strict
|
|
|
#ProtectControlGroups=yes
|
|
|
|
|
|
ProtectKernelTunables=true
|
|
|
ProtectKernelModules=yes
|
|
|
|
|
|
WorkingDirectory=/var/lib/anbox
|
|
|
NoNewPrivileges=true
|
|
|
#MemoryDenyWriteExecute=true
|
|
|
#RestrictRealtime=true
|
|
|
|
|
|
# anbox-session-manager crashes
|
|
|
#CapabilityBoundingSet=CAP_SYS_ADMIN
|
|
|
|
|
|
#RestrictAddressFamilies=AF_INET AF_INET6
|
|
|
|
|
|
[Install]
|
|
|
WantedBy=multi-user.target
|