From f73ff046ac38a8dd9d72f014a847163165030cfa Mon Sep 17 00:00:00 2001
From: Alexey Avramov <hakavlad@gmail.com>
Date: Wed, 2 Oct 2019 00:38:34 +0900
Subject: [PATCH] update nohang.service

---
 nohang/nohang            | 30 ------------------------------
 nohang/nohang.service.in | 10 +++++-----
 2 files changed, 5 insertions(+), 35 deletions(-)

diff --git a/nohang/nohang b/nohang/nohang
index 3f7e511..d69d333 100755
--- a/nohang/nohang
+++ b/nohang/nohang
@@ -645,13 +645,6 @@ def write(path, string):
         f.write(string)
 
 
-def write_self_oom_score_adj(new_value):
-    """
-    """
-    if root:
-        write('/proc/self/oom_score_adj', new_value)
-
-
 def valid_re(reg_exp):
     """Validate regular expression.
     """
@@ -2661,29 +2654,6 @@ separate_log = False  # will be overwritten after parse config
 cgroup_v1_index, cgroup_v2_index = find_cgroup_indexes()
 
 
-# del it
-self_oom_score_adj_min = '-100'
-self_oom_score_adj_max = '-10'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-write_self_oom_score_adj(self_oom_score_adj_min)
-
-
 pid_list = get_pid_list()
 
 
diff --git a/nohang/nohang.service.in b/nohang/nohang.service.in
index 47fec88..c4284ac 100644
--- a/nohang/nohang.service.in
+++ b/nohang/nohang.service.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=Highly configurable OOM prevention daemon
 Documentation=man:nohang(1) https://github.com/hakavlad/nohang
+After=system.slice
 
 [Service]
 ExecStart=:TARGET_BIN:/nohang --config :TARGET_CONF:/nohang/nohang.conf
@@ -11,13 +12,12 @@ Nice=-15
 CPUSchedulingResetOnFork=true
 OOMScoreAdjust=-10
 RestrictRealtime=yes
-RestrictSUIDSGID=yes
 MemoryDenyWriteExecute=yes
-SystemCallFilter=~@mount
-ProtectSystem=full
-ProtectControlGroups=true
 ProtectKernelModules=true
-ProtectKernelTunables=true
+SystemCallFilter=~@mount ~@clock ~@reboot ~@resources ~@setuid ~@swap
+SystemCallArchitectures=native
+ReadOnlyPaths=/
+ReadWritePaths=/tmp /var /run /dev/shm
 
 [Install]
 WantedBy=multi-user.target