github/nohang
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
93a504a5ce
nohang/nohang/nohang.service.in
Alexey Avramov 93a504a5ce fix issue#67: add CAP_SYS_RESOURCE in unit
2019-12-03 22:40:59 +09:00

28 lines
831 B
SYSTEMD
Raw Blame History

[Unit]
Description=Highly configurable OOM prevention daemon
Documentation=man:nohang(1) https://github.com/hakavlad/nohang
After=system.slice
[Service]
ExecStart=:TARGET_BIN:/nohang --config :TARGET_CONF:/nohang/nohang.conf
Restart=always
RestartSec=0
KillMode=mixed
TasksMax=100
Nice=-15
CPUSchedulingResetOnFork=true
OOMScoreAdjust=-10
UMask=0027
PrivateTmp=true
RestrictRealtime=yes
MemoryDenyWriteExecute=yes
ProtectKernelModules=true
SystemCallArchitectures=native
ReadOnlyPaths=/
ReadWritePaths=/tmp /var /run /dev/shm
CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
AmbientCapabilities=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink