aboutsummaryrefslogtreecommitdiffstats
path: root/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-parsec/recipes-parsec/parsec-service/files/systemd.patch')
-rw-r--r--meta-parsec/recipes-parsec/parsec-service/files/systemd.patch21
1 files changed, 15 insertions, 6 deletions
diff --git a/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch b/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch
index c01ff06..2525898 100644
--- a/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch
+++ b/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch
@@ -4,16 +4,25 @@ Run the Parsec service as parsec user in /var/lib/parsec/ working directory.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Upstream-Status: Inappropriate [deployment configuration]
---- a/systemd-daemon/parsec.service 2021-03-28 18:34:18.703196235 +0100
-+++ b/systemd-daemon/parsec.service 2021-03-28 18:35:14.279830299 +0100
-@@ -3,7 +3,9 @@
+diff --git a/systemd-daemon/parsec.service b/systemd-daemon/parsec.service
+index c07c3b9..a6fe6a3 100644
+--- a/systemd-daemon/parsec.service
++++ b/systemd-daemon/parsec.service
+@@ -3,13 +3,15 @@ Description=Parsec Service
Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html
-
+
[Service]
-WorkingDirectory=/home/parsec/
+User=parsec
+Group=parsec
+WorkingDirectory=/var/lib/parsec/
ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml
-
- [Install]
+ # Systemd hardening
+ ProtectSystem=full
+ ProtectHome=true
+ ProtectHostname=true
+-ProtectKernelTunables=true
++#ProtectKernelTunables=true
+ ProtectKernelModules=true
+ ProtectKernelLogs=true
+ ProtectControlGroups=true
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-28 10:46:47 +0000