diff options
Diffstat (limited to 'meta-parsec/recipes-parsec/parsec-service/files/systemd.patch')
-rw-r--r-- | meta-parsec/recipes-parsec/parsec-service/files/systemd.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch b/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch new file mode 100644 index 0000000..2525898 --- /dev/null +++ b/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch @@ -0,0 +1,28 @@ + +Run the Parsec service as parsec user in /var/lib/parsec/ working directory. + +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +Upstream-Status: Inappropriate [deployment configuration] + +diff --git a/systemd-daemon/parsec.service b/systemd-daemon/parsec.service +index c07c3b9..a6fe6a3 100644 +--- a/systemd-daemon/parsec.service ++++ b/systemd-daemon/parsec.service +@@ -3,13 +3,15 @@ Description=Parsec Service + Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html + + [Service] +-WorkingDirectory=/home/parsec/ ++User=parsec ++Group=parsec ++WorkingDirectory=/var/lib/parsec/ + ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml + # Systemd hardening + ProtectSystem=full + ProtectHome=true + ProtectHostname=true +-ProtectKernelTunables=true ++#ProtectKernelTunables=true + ProtectKernelModules=true + ProtectKernelLogs=true + ProtectControlGroups=true |