abd75a6928
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/921081 OBS-URL: https://build.opensuse.org/package/show/devel:tools:building/icecream?expand=0&rev=84
27 lines
661 B
SYSTEMD
27 lines
661 B
SYSTEMD
[Unit]
|
|
Description=Icecream distributed compiler scheduler
|
|
|
|
[Service]
|
|
# added automatically, for details please see
|
|
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
ProtectSystem=full
|
|
ProtectHome=true
|
|
PrivateDevices=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
# end of automatic additions
|
|
Type=simple
|
|
EnvironmentFile=-/etc/sysconfig/icecream
|
|
User=icecream
|
|
Group=icecream
|
|
SyslogIdentifier=icecc-scheduler
|
|
ExecStart=@LIBEXECDIR@/icecc/icecc-scheduler-wrapper -u icecream
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|