[thirdparty/systemd.git] / units / systemd-journald.service.in

#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Journal Service
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
DefaultDependencies=no
Requires=systemd-journald.socket
After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
Before=sysinit.target

[Service]
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
ExecStart=@rootlibexecdir@/systemd-journald
FileDescriptorStoreMax=4224
IPAddressDeny=any
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
Restart=always
RestartSec=0
RestrictAddressFamilies=AF_UNIX AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
StandardOutput=null
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
Type=notify
WatchdogSec=3min

# If there are many split up journal files we need a lot of fds to access them
# all in parallel.
LimitNOFILE=@HIGH_RLIMIT_NOFILE@
Commit	Line	Data
a7df2d1e ZJS	1	# SPDX-License-Identifier: LGPL-2.1+
a7df2d1e ZJS	2	#
4b2d99d9 LP	3	# This file is part of systemd.
	4	#
	5	# systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	6	# under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	7	# the Free Software Foundation; either version 2.1 of the License, or
4b2d99d9 LP	8	# (at your option) any later version.
4b2d99d9 LP	9
4b2d99d9 LP	10	[Unit]
4b2d99d9 LP	11	Description=Journal Service
63cb20a2	12	Documentation=man:systemd-journald.service(8) man:journald.conf(5)
4b2d99d9 LP	13	DefaultDependencies=no
4b2d99d9 LP	14	Requires=systemd-journald.socket
875c2e22	15	After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
7e75c5ac	16	Before=sysinit.target
4b2d99d9 LP	17
4b2d99d9 LP	18	[Service]
3ca9940c	19	CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
4b2d99d9	20	ExecStart=@rootlibexecdir@/systemd-journald
3c978aca	21	FileDescriptorStoreMax=4224
3ca9940c LP	22	IPAddressDeny=any
3ca9940c LP	23	LockPersonality=yes
40652ca4	24	MemoryDenyWriteExecute=yes
3ca9940c LP	25	NoNewPrivileges=yes
	26	Restart=always
	27	RestartSec=0
0c28d51a	28	RestrictAddressFamilies=AF_UNIX AF_NETLINK
3ca9940c LP	29	RestrictNamespaces=yes
3ca9940c LP	30	RestrictRealtime=yes
62aa2924	31	RestrictSUIDSGID=yes
3ca9940c LP	32	Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
3ca9940c LP	33	StandardOutput=null
7f396e5f	34	SystemCallArchitectures=native
3ca9940c LP	35	SystemCallErrorNumber=EPERM
	36	SystemCallFilter=@system-service
	37	Type=notify
	38	WatchdogSec=3min
4b2d99d9	39
c35ee02c LP	40	# If there are many split up journal files we need a lot of fds to access them
c35ee02c LP	41	# all in parallel.
c02b6ee4	42	LimitNOFILE=@HIGH_RLIMIT_NOFILE@