MINOR: systemd: Add section for SystemD sandboxing to unit file

author Tim Duesterhus <tim@bastelstu.be>

Tue, 27 Feb 2018 19:19:03 +0000 (20:19 +0100)

committer Willy Tarreau <w@1wt.eu>

Thu, 1 Mar 2018 14:57:15 +0000 (15:57 +0100)
author Tim Duesterhus <tim@bastelstu.be>
Tue, 27 Feb 2018 19:19:03 +0000 (20:19 +0100)
committer Willy Tarreau <w@1wt.eu>
Thu, 1 Mar 2018 14:57:15 +0000 (15:57 +0100)
diff --git a/contrib/systemd/haproxy.service.in b/contrib/systemd/haproxy.service.in

index 804be3583c1a5709ca6e4007156148024d0bba0f..5d8eecf06bfb190f93c95391a5eee913e4897316 100644 (file)
--- a/contrib/systemd/haproxy.service.in
+++ b/contrib/systemd/haproxy.service.in
@@ -12,5 +12,11 @@ KillMode=mixed
  Restart=always
  Type=notify
  
+# The following lines leverage SystemD's sandboxing options to provide
+# defense in depth protection at the expense of restricting some flexibility
+# in your setup (e.g. placement of your configuration files) or possibly
+# reduced performance. See systemd.service(5) and systemd.exec(5) for further
+# information.
+
  [Install]
  WantedBy=multi-user.target
author	Tim Duesterhus <tim@bastelstu.be>
	Tue, 27 Feb 2018 19:19:03 +0000 (20:19 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Thu, 1 Mar 2018 14:57:15 +0000 (15:57 +0100)