mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-06 13:17:44 +03:00
c35ee02c61
This updates the unit files of all our serviecs that deal with journal stuff to use a higher RLIMIT_NOFILE soft limit by default. The new value is the same as used for the new HIGH_RLIMIT_NOFILE we just added. With this we ensure all code that access the journal has higher RLIMIT_NOFILE. The code that runs as daemon via the unit files, the code that is run from the user's command line via C code internal to the relevant tools. In some cases this means we'll redundantly bump the limits as there are tools run both from the command line and as service.
39 lines
1.0 KiB
SYSTEMD
39 lines
1.0 KiB
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1+
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Journal Gateway Service
|
|
Documentation=man:systemd-journal-gatewayd(8)
|
|
Requires=systemd-journal-gatewayd.socket
|
|
|
|
[Service]
|
|
ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
|
|
User=systemd-journal-gateway
|
|
SupplementaryGroups=systemd-journal
|
|
DynamicUser=yes
|
|
PrivateDevices=yes
|
|
PrivateNetwork=yes
|
|
ProtectHome=yes
|
|
ProtectControlGroups=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelModules=yes
|
|
MemoryDenyWriteExecute=yes
|
|
RestrictRealtime=yes
|
|
RestrictNamespaces=yes
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
|
SystemCallArchitectures=native
|
|
LockPersonality=yes
|
|
|
|
# If there are many split up journal files we need a lot of fds to access them
|
|
# all in parallel.
|
|
LimitNOFILE=262144
|
|
|
|
[Install]
|
|
Also=systemd-journal-gatewayd.socket
|