projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| a7df2d1e ZJS |
1 | # SPDX-License-Identifier: LGPL-2.1+ |
| 2 | # | |
| 7b17a7d7 LP |
3 | # This file is part of systemd. |
| 4 | # | |
| 5 | # systemd is free software; you can redistribute it and/or modify it | |
| 6 | # under the terms of the GNU Lesser General Public License as published by | |
| 7 | # the Free Software Foundation; either version 2.1 of the License, or | |
| 8 | # (at your option) any later version. | |
| 9 | ||
| 10 | [Unit] | |
| 11 | Description=Journal Gateway Service | |
| c9d49328 | 12 | Documentation=man:systemd-journal-gatewayd(8) |
| 7b17a7d7 LP |
13 | Requires=systemd-journal-gatewayd.socket |
| 14 | ||
| 15 | [Service] | |
| b7f2d0ba | 16 | DynamicUser=yes |
| 3ca9940c LP |
17 | ExecStart=@rootlibexecdir@/systemd-journal-gatewayd |
| 18 | LockPersonality=yes | |
| 19 | MemoryDenyWriteExecute=yes | |
| f21a71a9 LP |
20 | PrivateDevices=yes |
| 21 | PrivateNetwork=yes | |
| 24da96a1 | 22 | ProtectProc=invisible |
| 0c28d51a | 23 | ProtectControlGroups=yes |
| 3ca9940c | 24 | ProtectHome=yes |
| 99894b86 | 25 | ProtectHostname=yes |
| 24da96a1 | 26 | ProtectKernelLogs=yes |
| b6c7278c | 27 | ProtectKernelModules=yes |
| 3ca9940c | 28 | ProtectKernelTunables=yes |
| 0c28d51a | 29 | RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 |
| 3ca9940c LP |
30 | RestrictNamespaces=yes |
| 31 | RestrictRealtime=yes | |
| 32 | SupplementaryGroups=systemd-journal | |
| 7f396e5f | 33 | SystemCallArchitectures=native |
| 3ca9940c | 34 | User=systemd-journal-gateway |
| 7b17a7d7 | 35 | |
| c35ee02c LP |
36 | # If there are many split up journal files we need a lot of fds to access them |
| 37 | # all in parallel. | |
| c02b6ee4 | 38 | LimitNOFILE=@HIGH_RLIMIT_NOFILE@ |
| de45d726 | 39 | |
| 7b17a7d7 LP |
40 | [Install] |
| 41 | Also=systemd-journal-gatewayd.socket |