[Unit]
Description=Update locate database
Documentation=man:updatedb

[Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
ProtectHome=read-only
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
Type=oneshot
ExecStart=/bin/sh -c \
          "chown -R ${RUN_UPDATEDB_AS}:root /var/lib/mlocate && \
          su --shell=/bin/sh ${RUN_UPDATEDB_AS} -c 'umask 0022; /usr/bin/updatedb'"

# Unfortunately, the umask we set here is lost because we invoke updatedb
# through 'su' to change to the user ${RUN_UPDATEDB_AS}. See bnc#941296 and
# bnc#1209409 for further details.
UMask=0022

# Alter the priority of the updatedb process
Nice=19
IOSchedulingClass=2
IOSchedulingPriority=7

# Load sysconfig
EnvironmentFile=/etc/sysconfig/locate