units/systemd-coredump@.service.in

   1 #  SPDX-License-Identifier: LGPL-2.1+
   2 #
   3 #  This file is part of systemd.
   4 #
   5 #  systemd is free software; you can redistribute it and/or modify it
   6 #  under the terms of the GNU Lesser General Public License as published by
   7 #  the Free Software Foundation; either version 2.1 of the License, or
   8 #  (at your option) any later version.
   9
  10 [Unit]
  11 Description=Process Core Dump
  12 Documentation=man:systemd-coredump(8)
  13 DefaultDependencies=no
  14 Conflicts=shutdown.target
  15 After=systemd-journald.socket
  16 Requires=systemd-journald.socket
  17 Before=shutdown.target
  18
  19 [Service]
  20 ExecStart=-@rootlibexecdir@/systemd-coredump
  21 IPAddressDeny=any
  22 LockPersonality=yes
  23 MemoryDenyWriteExecute=yes
  24 Nice=9
  25 NoNewPrivileges=yes
  26 OOMScoreAdjust=500
  27 PrivateDevices=yes
  28 PrivateNetwork=yes
  29 PrivateTmp=yes
  30 ProtectControlGroups=yes
  31 ProtectHome=yes
  32 ProtectHostname=yes
  33 ProtectKernelModules=yes
  34 ProtectKernelTunables=yes
  35 ProtectKernelLogs=yes
  36 ProtectSystem=strict
  37 RestrictAddressFamilies=AF_UNIX
  38 RestrictNamespaces=yes
  39 RestrictRealtime=yes
  40 RestrictSUIDSGID=yes
  41 RuntimeMaxSec=5min
  42 StateDirectory=systemd/coredump
  43 SystemCallArchitectures=native
  44 SystemCallErrorNumber=EPERM
  45 SystemCallFilter=@system-service