systemd: Add comments with integration considerations.
This commit is contained in:
Brett Smith
parent
4f96088167
commit
d522327e2d
1 changed files with 10 additions and 0 deletions
|
|
@ -7,8 +7,16 @@ After=network-online.target
|
||||||
WantedBy=default.target
|
WantedBy=default.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
## If you installed ForwardXMPP in a virtualenv, you will probably want to
|
||||||
|
## override this line so the executable is the python inside your virtualenv.
|
||||||
|
## If you did not install ForwardXMPP system-wide, you can set
|
||||||
|
## Environment=PYTHONPATH=<directory of your source checkout>
|
||||||
|
## and this ExecStart should work.
|
||||||
ExecStart=/usr/bin/python3 -m forwardxmpp --config-file /etc/forwardxmpp/config.ini
|
ExecStart=/usr/bin/python3 -m forwardxmpp --config-file /etc/forwardxmpp/config.ini
|
||||||
|
|
||||||
|
## Generally the only privileged operation ForwardXMPP needs to do is read
|
||||||
|
## its configuration file (which has a password in it). If DynamicUser can't
|
||||||
|
## read it, you can turn that off and set a low-privileged static User.
|
||||||
DynamicUser=true
|
DynamicUser=true
|
||||||
|
|
||||||
DevicePolicy=closed
|
DevicePolicy=closed
|
||||||
|
|
@ -29,4 +37,6 @@ RestrictRealtime=true
|
||||||
CapabilityBoundingSet=
|
CapabilityBoundingSet=
|
||||||
NoNewPrivileges=true
|
NoNewPrivileges=true
|
||||||
|
|
||||||
|
## This is just a list of very privileged syscall groups.
|
||||||
|
## This list could be tightened further if desired.
|
||||||
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
|
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue