aboutsummaryrefslogtreecommitdiffstats
path: root/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-parsec/recipes-parsec/parsec-service/files/systemd.patch')
-rw-r--r--meta-parsec/recipes-parsec/parsec-service/files/systemd.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch b/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch
new file mode 100644
index 0000000..2525898
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch
@@ -0,0 +1,28 @@
+
+Run the Parsec service as parsec user in /var/lib/parsec/ working directory.
+
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Inappropriate [deployment configuration]
+
+diff --git a/systemd-daemon/parsec.service b/systemd-daemon/parsec.service
+index c07c3b9..a6fe6a3 100644
+--- a/systemd-daemon/parsec.service
++++ b/systemd-daemon/parsec.service
+@@ -3,13 +3,15 @@ Description=Parsec Service
+ Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html
+
+ [Service]
+-WorkingDirectory=/home/parsec/
++User=parsec
++Group=parsec
++WorkingDirectory=/var/lib/parsec/
+ ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml
+ # Systemd hardening
+ ProtectSystem=full
+ ProtectHome=true
+ ProtectHostname=true
+-ProtectKernelTunables=true
++#ProtectKernelTunables=true
+ ProtectKernelModules=true
+ ProtectKernelLogs=true
+ ProtectControlGroups=true
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-06-04 11:56:36 +0000