github/nohang
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update units

Browse Source
This commit is contained in:
Alexey Avramov 2019-12-13 01:32:56 +09:00
parent fbb6464217
commit f071b341bd
2 changed files with 32 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
nohang/nohang-desktop.service.in
View File

@ -7,26 +7,30 @@ After=system.slice
[Service] [Service]
ExecStart=:TARGET_BIN:/nohang --config :TARGET_CONF:/nohang/nohang-desktop.conf ExecStart=:TARGET_BIN:/nohang --config :TARGET_CONF:/nohang/nohang-desktop.conf
SyslogIdentifier=nohang-desktop SyslogIdentifier=nohang-desktop
OOMScoreAdjust=-5
KillMode=mixed
Restart=always Restart=always
RestartSec=0 RestartSec=0
KillMode=mixed TasksMax=50
TasksMax=100
Nice=-5
CPUSchedulingResetOnFork=true
OOMScoreAdjust=-5
UMask=0027 UMask=0027
Nice=-5
CPUSchedulingResetOnFork=true
ProtectKernelModules=true
PrivateNetwork=true PrivateNetwork=true
PrivateTmp=true PrivateTmp=true
RestrictRealtime=yes
MemoryDenyWriteExecute=yes
ProtectKernelModules=true
RestrictNamespaces=yes
LockPersonality=yes LockPersonality=yes
RestrictRealtime=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native SystemCallArchitectures=native
ReadOnlyPaths=/ ReadOnlyPaths=/
ReadWritePaths=/tmp /var /run /dev/shm ReadWritePaths=/tmp /var/tmp /var/log/nohang /dev/shm
CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE InaccessiblePaths=/home /root
AmbientCapabilities=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
AmbientCapabilities=CAP_KILL CAP_IPC_LOCK CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

28
nohang/nohang.service.in
View File

@ -7,26 +7,30 @@ After=system.slice
[Service] [Service]
ExecStart=:TARGET_BIN:/nohang --config :TARGET_CONF:/nohang/nohang.conf ExecStart=:TARGET_BIN:/nohang --config :TARGET_CONF:/nohang/nohang.conf
SyslogIdentifier=nohang SyslogIdentifier=nohang
OOMScoreAdjust=-5
KillMode=mixed
Restart=always Restart=always
RestartSec=0 RestartSec=0
KillMode=mixed TasksMax=50
TasksMax=100
Nice=-5
CPUSchedulingResetOnFork=true
OOMScoreAdjust=-5
UMask=0027 UMask=0027
Nice=-5
CPUSchedulingResetOnFork=true
ProtectKernelModules=true
PrivateNetwork=true PrivateNetwork=true
PrivateTmp=true PrivateTmp=true
RestrictRealtime=yes
MemoryDenyWriteExecute=yes
ProtectKernelModules=true
RestrictNamespaces=yes
LockPersonality=yes LockPersonality=yes
RestrictRealtime=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native SystemCallArchitectures=native
ReadOnlyPaths=/ ReadOnlyPaths=/
ReadWritePaths=/tmp /var /run /dev/shm ReadWritePaths=/tmp /var/tmp /var/log/nohang /dev/shm
CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE InaccessiblePaths=/home /root
AmbientCapabilities=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
AmbientCapabilities=CAP_KILL CAP_IPC_LOCK CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target