[Unit] Description=ContNet file server After=network.target [Service] Type=simple ExecStart=/usr/local/bin/cn-fileserver 0.0.0.0 /var/contnet/cnroot PrivateTmp=yes ProtectSystem=strict ProtectHome=yes InaccessibleDirectories=/home ReadOnlyDirectories=/ CapabilityBoundingSet= LimitFSIZE=0 DeviceAllow=/dev/null rw MemoryDenyWriteExecute=yes User=nobody Group=nogroup WorkingDirectory=/var/contnet/cnroot Restart=always RestartSec=10s [Install] WantedBy=multi-user.target