github/nohang
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f071b341bd
nohang/nohang/nohang.service.in
Alexey Avramov f071b341bd update units
2019-12-13 01:32:56 +09:00

37 lines
996 B
SYSTEMD
Raw Blame History

[Unit]
Description=Highly configurable OOM prevention daemon
Documentation=man:nohang(1) https://github.com/hakavlad/nohang
Conflicts=nohang-desktop.service
After=system.slice
[Service]
ExecStart=:TARGET_BIN:/nohang --config :TARGET_CONF:/nohang/nohang.conf
SyslogIdentifier=nohang
OOMScoreAdjust=-5
KillMode=mixed
Restart=always
RestartSec=0
TasksMax=50
UMask=0027
Nice=-5
CPUSchedulingResetOnFork=true
ProtectKernelModules=true
PrivateNetwork=true
PrivateTmp=true
LockPersonality=yes
RestrictRealtime=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native
ReadOnlyPaths=/
ReadWritePaths=/tmp /var/tmp /var/log/nohang /dev/shm
InaccessiblePaths=/home /root
CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
AmbientCapabilities=CAP_KILL CAP_IPC_LOCK CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink