Stowage/rest-server
2
0
Fork 0
mirror of https://github.com/restic/rest-server.git synced 2025-10-19 15:43:21 +00:00
Code Issues Projects Releases Packages Wiki Activity

Restrict rest-server.service SystemCallFilter

Browse source 
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
This commit is contained in:
Erik Sjölund 2023-07-18 09:19:08 +02:00
parent c38e18b708
commit 981488dfff
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
examples/systemd/rest-server.service
View file

@ -57,6 +57,8 @@ RestrictRealtime=true
# if your service crashes with "code=killed, status=31/SYS", you probably tried to run linux_i386 (32bit) binary on a amd64 host # if your service crashes with "code=killed, status=31/SYS", you probably tried to run linux_i386 (32bit) binary on a amd64 host
SystemCallArchitectures=native SystemCallArchitectures=native
SystemCallFilter=@system-service SystemCallFilter=@system-service
SystemCallFilter=~@resources
SystemCallFilter=~@privileged
# Additionally, you may wish to use some of the systemd options documented in # Additionally, you may wish to use some of the systemd options documented in
# systemd.resource-control(5) to limit the CPU, memory, file-system I/O and # systemd.resource-control(5) to limit the CPU, memory, file-system I/O and