mlocate/mlocate.service

[Unit]
Description=Update locate database
Documentation=man:updatedb

[Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
ProtectHome=read-only
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
Type=oneshot
ExecStart=/bin/sh -c \
          "chown -R ${RUN_UPDATEDB_AS}:root /var/lib/mlocate && \
          su --shell=/bin/sh ${RUN_UPDATEDB_AS} -c 'umask 0022; /usr/bin/updatedb'"

# Ensure we have proper umask bnc#941296
UMask=0022

# Alter the priority of the updatedb process
Nice=19
IOSchedulingClass=2
IOSchedulingPriority=7

# Load sysconfig
EnvironmentFile=/etc/sysconfig/locate
Sync from SUSE:ALP:Source:Standard:1.0 mlocate revision 0676acbe53e056248911539904a7fc7a 2024-01-12 13:00:00 +01:00			`[Unit]`
			`Description=Update locate database`
			`Documentation=man:updatedb`

			`[Service]`
			`# added automatically, for details please see`
			`# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort`
			`ProtectSystem=full`
			`ProtectHome=read-only`
			`PrivateDevices=true`
			`ProtectHostname=true`
			`ProtectClock=true`
			`ProtectKernelTunables=true`
			`ProtectKernelLogs=true`
			`ProtectControlGroups=true`
			`RestrictRealtime=true`
			`# end of automatic additions`
			`Type=oneshot`
			`ExecStart=/bin/sh -c \`
			`"chown -R ${RUN_UPDATEDB_AS}:root /var/lib/mlocate && \`
			`su --shell=/bin/sh ${RUN_UPDATEDB_AS} -c 'umask 0022; /usr/bin/updatedb'"`

			`# Ensure we have proper umask bnc#941296`
			`UMask=0022`

			`# Alter the priority of the updatedb process`
			`Nice=19`
			`IOSchedulingClass=2`
			`IOSchedulingPriority=7`

			`# Load sysconfig`
			`EnvironmentFile=/etc/sysconfig/locate`