f396e813a1
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/926714 OBS-URL: https://build.opensuse.org/package/show/network:messaging:amqp/rabbitmq-server?expand=0&rev=173
38 lines
897 B
Desktop File
38 lines
897 B
Desktop File
[Unit]
|
|
Description=RabbitMQ broker
|
|
After=syslog.target network.target epmd.service
|
|
BindsTo=epmd.service
|
|
|
|
[Service]
|
|
# added automatically, for details please see
|
|
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
ProtectSystem=full
|
|
ProtectHome=true
|
|
PrivateDevices=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
# end of automatic additions
|
|
Type=notify
|
|
User=rabbitmq
|
|
Group=rabbitmq
|
|
LimitNOFILE=65535
|
|
NotifyAccess=all
|
|
WorkingDirectory=/var/lib/rabbitmq
|
|
ExecStart=/usr/sbin/rabbitmq-server
|
|
ExecStop=/usr/sbin/rabbitmqctl shutdown
|
|
# See rabbitmq/rabbitmq-server-release#51
|
|
SuccessExitStatus=69
|
|
TimeoutStartSec=300
|
|
# required on machines with many cores (bsc#1094896):
|
|
TasksMax=8192
|
|
Restart=on-failure
|
|
RestartSec=10
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|