git.ipfire.org Git - thirdparty/systemd.git/blob - units/systemd-journal-gatewayd.service.in
1 # SPDX-License-Identifier: LGPL-2.1+
2 #
3 # This file is part of systemd.
4 #
5 # systemd is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU Lesser General Public License as published by
7 # the Free Software Foundation; either version 2.1 of the License, or
8 # (at your option) any later version.
9
# Unit metadata and dependencies for the journal gateway daemon.
10 [Unit]
11 Description=Journal Gateway Service
12 Documentation=man:systemd-journal-gatewayd(8)
# Requires= activates the socket unit whenever this service is activated.
# The listen address, which decides who can reach the gateway, is set in
# that socket unit; it is not shown here and should be reviewed with this file.
13 Requires=systemd-journal-gatewayd.socket
14
# Execution environment and sandboxing for the gateway process.
15 [Service]
# @rootlibexecdir@ is a placeholder; this is a ".in" template, so it is
# presumably substituted at build time. No arguments are passed: per
# systemd-journal-gatewayd(8) HTTPS needs --cert=/--key=, so as written the
# daemon serves journal data over plain HTTP. Limit who can reach the socket.
16 ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
# Run unprivileged. With DynamicUser=yes the user is allocated when the
# service starts and released when it stops. systemd.exec(5) documents that
# DynamicUser= also implies further sandboxing (e.g. PrivateTmp=,
# NoNewPrivileges=, ProtectSystem=strict); confirm for the version in use.
# SupplementaryGroups= adds the systemd-journal group, presumably so the
# otherwise unprivileged process can read the journal files.
17 User=systemd-journal-gateway
18 SupplementaryGroups=systemd-journal
19 DynamicUser=yes
# Private /dev without physical device nodes.
20 PrivateDevices=yes
# Own network namespace with loopback only. Network reachability then depends
# on the listening socket handed over by the socket unit named in Requires=
# (socket activation assumed; confirm against the .socket file).
21 PrivateNetwork=yes
# Filesystem and kernel-interface protections: home directories are
# inaccessible, and the cgroup tree and kernel tunables are read-only.
# Explicit kernel module loading is denied.
22 ProtectHome=yes
23 ProtectControlGroups=yes
24 ProtectKernelTunables=yes
25 ProtectKernelModules=yes
# Refuse memory mappings that are both writable and executable.
26 MemoryDenyWriteExecute=yes
# No realtime scheduling and no creation of new namespaces.
27 RestrictRealtime=yes
28 RestrictNamespaces=yes
# Only local and IP sockets may be created; all other address families
# (netlink, packet, ...) are refused.
29 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# Only system calls of the native ABI are allowed, and the personality(2)
# execution domain is locked.
30 SystemCallArchitectures=native
31 LockPersonality=yes
32
33 # If there are many split up journal files we need a lot of fds to
34 # access them all and combine
35 LimitNOFILE=16384
36
# Also= names units that "systemctl enable"/"systemctl disable" handle
# together with this one; here it is the matching socket unit.
37 [Install]
38 Also=systemd-journal-gatewayd.socket