[Unit]
Description=Quad Image Paste
[Install]
WantedBy=multi-user.target
[Service]
User=quad-image
Group=quad-image
# note images are written to the 'e' subdirectory of this working directory:
WorkingDirectory=/opt/quad-image
ExecStart=/opt/quad-image/quad-image
Restart=on-failure
#[Hardening]
# strict isn't supported in Ubuntu 16.04, so start with full then try to upgrade
ProtectSystem=full
ProtectSystem=strict
ProtectHome=yes
# shouldn't need to elevate
NoNewPrivileges=true
CapabilityBoundingSet=
# these three protects aren't supported in Ubuntu 16.04, but don't add value as we should have no privs
ProtectKernelTunables=true
ProtectControlGroups=true
ProtectKernelModules=true
PrivateDevices=true
PrivateTmp=true