projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| ad95fd1d ZJS |
1 | # This file is part of systemd. |
| 2 | # | |
| 3 | # systemd is free software; you can redistribute it and/or modify it | |
| 4 | # under the terms of the GNU Lesser General Public License as published by | |
| 5 | # the Free Software Foundation; either version 2.1 of the License, or | |
| 6 | # (at your option) any later version. | |
| 7 | ||
| 8 | [Unit] | |
| 9 | Description=Journal Remote Sink Service | |
| c9d49328 | 10 | Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5) |
| ad95fd1d ZJS |
11 | Requires=systemd-journal-remote.socket |
| 12 | ||
| 13 | [Service] | |
| 0c28d51a | 14 | ExecStart=@rootlibexecdir@/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/ |
| ad95fd1d ZJS |
15 | User=systemd-journal-remote |
| 16 | Group=systemd-journal-remote | |
| 0c28d51a | 17 | WatchdogSec=3min |
| ad95fd1d ZJS |
18 | PrivateTmp=yes |
| 19 | PrivateDevices=yes | |
| 20 | PrivateNetwork=yes | |
| c7fb922d | 21 | ProtectSystem=strict |
| 0c28d51a LP |
22 | ProtectHome=yes |
| 23 | ProtectControlGroups=yes | |
| 24 | ProtectKernelTunables=yes | |
| 25 | MemoryDenyWriteExecute=yes | |
| 26 | RestrictRealtime=yes | |
| 3c19d0b4 | 27 | RestrictNamespaces=yes |
| 0c28d51a | 28 | RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 |
| 7f396e5f | 29 | SystemCallArchitectures=native |
| c7fb922d | 30 | ReadWritePaths=/var/log/journal/remote |
| ad95fd1d ZJS |
31 | |
| 32 | [Install] | |
| 33 | Also=systemd-journal-remote.socket |