github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-10 11:09:37 +00:00
Code Issues Projects Releases Wiki Activity

Removes the comments in systemd service files

Browse Source 
Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
This commit is contained in:
JenTing Hsiao
2020-12-13 08:14:49 +08:00
committed by poiana
parent 39bb5c28c7
commit 5661b491af
2 changed files with 2 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/debian/falco.service
View File

@@ -8,22 +8,15 @@ ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
UMask=0077 UMask=0077
TimeoutSec=30 TimeoutSec=30
RestartSec=15s RestartSec=15s
#Restart=always
Restart=on-failure Restart=on-failure
NoNewPrivileges=yes
PrivateTmp=true PrivateTmp=true
NoNewPrivileges=yes
ProtectHome=read-only ProtectHome=read-only
ProtectSystem=full ProtectSystem=full
ProtectKernelTunables=true ProtectKernelTunables=true
RestrictRealtime=true RestrictRealtime=true
#RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictAddressFamilies=~AF_PACKET RestrictAddressFamilies=~AF_PACKET
SystemCallFilter=~@debug @mount @cpu-emulation @obsolete @privileged SystemCallFilter=~@debug @mount @cpu-emulation @obsolete @privileged
# FIXME!
# PANIC: unprotected error in call to Lua API (runtime code generation failed, restricted kernel?)
# https://www.freelists.org/post/luajit/luajit-crashes-with-grsec-kernel,1
# MemoryDenyWriteExecute=true
# PrivateMounts=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

9
scripts/rpm/falco.service
View File

@@ -8,22 +8,15 @@ ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
UMask=0077 UMask=0077
TimeoutSec=30 TimeoutSec=30
RestartSec=15s RestartSec=15s
#Restart=always
Restart=on-failure Restart=on-failure
NoNewPrivileges=yes
PrivateTmp=true PrivateTmp=true
NoNewPrivileges=yes
ProtectHome=read-only ProtectHome=read-only
ProtectSystem=full ProtectSystem=full
ProtectKernelTunables=true ProtectKernelTunables=true
RestrictRealtime=true RestrictRealtime=true
#RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictAddressFamilies=~AF_PACKET RestrictAddressFamilies=~AF_PACKET
SystemCallFilter=~@debug @mount @cpu-emulation @obsolete @privileged SystemCallFilter=~@debug @mount @cpu-emulation @obsolete @privileged
# FIXME!
# PANIC: unprotected error in call to Lua API (runtime code generation failed, restricted kernel?)
# https://www.freelists.org/post/luajit/luajit-crashes-with-grsec-kernel,1
# MemoryDenyWriteExecute=true
# PrivateMounts=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target