[Unit]
Description=WWSympa Service
After=network.target
PartOf=sympa.service
Requires=wwsympa.socket

[Service]
StandardInput=socket
User=sympa
Group=sympa
ExecStart=/usr/lib/cgi-bin/sympa/wwsympa.fcgi

# Hardening
NoNewPrivileges=yes
ReadWriteDirectories=/etc/sympa
ReadWriteDirectories=/var/lib/sympa
ReadWriteDirectories=/var/spool/sympa
ReadWriteDirectories=/run/sympa
PrivateDevices=yes
PrivateNetwork=yes
ProtectHome=yes
ProtectSystem=strict
PrivateTmp=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=

[Install]
WantedBy=multi-user.target