| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546 |
- # SPDX-License-Identifier: LGPL-2.1+
- #
- # This file is part of systemd.
- #
- # systemd is free software; you can redistribute it and/or modify it
- # under the terms of the GNU Lesser General Public License as published by
- # the Free Software Foundation; either version 2.1 of the License, or
- # (at your option) any later version.
- [Unit]
- Description=Journal Service
- Documentation=man:systemd-journald.service(8) man:journald.conf(5)
- DefaultDependencies=no
- Requires=systemd-journald.socket
- After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
- Before=sysinit.target
- [Service]
- CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
- DeviceAllow=char-* rw
- ExecStart=/lib/systemd/systemd-journald
- FileDescriptorStoreMax=4224
- IPAddressDeny=any
- LockPersonality=yes
- MemoryDenyWriteExecute=yes
- NoNewPrivileges=yes
- OOMScoreAdjust=-250
- Restart=always
- RestartSec=0
- Nice=-1
- RestrictAddressFamilies=AF_UNIX AF_NETLINK
- RestrictNamespaces=yes
- RestrictRealtime=yes
- RestrictSUIDSGID=yes
- RuntimeDirectory=systemd/journal
- RuntimeDirectoryPreserve=yes
- Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
- StandardOutput=null
- SystemCallArchitectures=native
- SystemCallErrorNumber=EPERM
- SystemCallFilter=@system-service
- Type=notify
- # If there are many split up journal files we need a lot of fds to access them
- # all in parallel.
- LimitNOFILE=524288
|
