github/nohang
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ed6b129e8c
nohang/nohang/nohang.service.in
Alexey Avramov ed6b129e8c Set PrivateNetwork=true
2019-12-08 21:10:22 +09:00

30 lines
873 B
SYSTEMD
Raw Blame History

[Unit]
Description=Highly configurable OOM prevention daemon
Documentation=man:nohang(1) https://github.com/hakavlad/nohang
After=system.slice
[Service]
ExecStart=:TARGET_BIN:/nohang --config :TARGET_CONF:/nohang/nohang.conf
SyslogIdentifier=nohang
Restart=always
RestartSec=0
KillMode=mixed
TasksMax=100
Nice=-5
CPUSchedulingResetOnFork=true
OOMScoreAdjust=-5
UMask=0027
PrivateNetwork=true
PrivateTmp=true
RestrictRealtime=yes
MemoryDenyWriteExecute=yes
ProtectKernelModules=true
SystemCallArchitectures=native
ReadOnlyPaths=/
ReadWritePaths=/tmp /var /run /dev/shm
CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
AmbientCapabilities=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink