github/nohang
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update nohang.service

Browse Source
This commit is contained in:
Alexey Avramov 2019-10-03 00:01:59 +09:00
parent ec93956a89
commit 137d392acc
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nohang/nohang.service.in
View File

@ -15,9 +15,10 @@ RestrictRealtime=yes
MemoryDenyWriteExecute=yes
ProtectKernelModules=true
SystemCallArchitectures=native
SystemCallFilter=~@mount
ReadOnlyPaths=/
ReadWritePaths=/tmp /var /run /dev/shm
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_LINUX_IMMUTABLE CAP_SYS_BOOT CAP_SYS_CHROOT CAP_SYS_MODULE CAP_SYS_NICE CAP_SYS_TIME CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND CAP_NET_ADMIN CAP_MKNOD CAP_AUDIT_CONTROL
AmbientCapabilities=~CAP_SYS_ADMIN CAP_LINUX_IMMUTABLE CAP_SYS_BOOT CAP_SYS_CHROOT CAP_SYS_MODULE CAP_SYS_NICE CAP_SYS_TIME CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND CAP_NET_ADMIN CAP_MKNOD CAP_AUDIT_CONTROL
[Install]
WantedBy=multi-user.target