MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file

author Tim Duesterhus <tim@bastelstu.be>

Tue, 27 Feb 2018 19:19:05 +0000 (20:19 +0100)

committer Willy Tarreau <w@1wt.eu>

Thu, 1 Mar 2018 14:57:15 +0000 (15:57 +0100)
author Tim Duesterhus <tim@bastelstu.be>
Tue, 27 Feb 2018 19:19:05 +0000 (20:19 +0100)
committer Willy Tarreau <w@1wt.eu>
Thu, 1 Mar 2018 14:57:15 +0000 (15:57 +0100)
diff --git a/contrib/systemd/haproxy.service.in b/contrib/systemd/haproxy.service.in

index 846bcc77f5eaa2b0851883c587ae2585a3a16c44..7a8b6bead2df23bc4e16e8edddfd0aacde454572 100644 (file)
--- a/contrib/systemd/haproxy.service.in
+++ b/contrib/systemd/haproxy.service.in
@@ -27,6 +27,8 @@ Type=notify
  # ProtectKernelTunables=true
  # ProtectKernelModules=true
  # ProtectControlGroups=true
+# If your SystemD version supports them, you can add: @reboot, @swap, @sync
+# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io
  
  [Install]
  WantedBy=multi-user.target
author	Tim Duesterhus <tim@bastelstu.be>
	Tue, 27 Feb 2018 19:19:05 +0000 (20:19 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Thu, 1 Mar 2018 14:57:15 +0000 (15:57 +0100)