chore(scripts): added support for falco@plugin.target.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Federico Di Pierro
2022-10-24 17:24:56 +02:00
committed by poiana
parent b04bb2e32e
commit 91fe2e9e24
9 changed files with 38 additions and 3 deletions


@@ -3,6 +3,7 @@ Description=Falco: Container Native Runtime Security with ebpf
Documentation=https://falco.org/docs/
PartOf=falco@ebpf.target
Conflicts=falco-kmod.service
Conflicts=falco-plugin.service
[Service]
Type=simple
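Review bot: The `Conflicts=falco-plugin.service` entry carries no comment about its runtime effect: systemd stops a conflicting unit when the other one is started, so starting the plugin service stops this eBPF service and syscall-level monitoring with it. The same applies to the matching entry in the kmod unit in the next section. I would add a comment above the `Conflicts=` entries, e.g. `# Only one Falco flavor runs at a time; starting another flavor stops this unit.`, and confirm that whatever alerts on a stopped Falco service also covers this path. The `[Unit]` section starts outside the hunk, and because the +/- markers were lost in this rendering, which line is new is inferred from the commit title.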


@@ -5,6 +5,7 @@ After=falco-kmod-inject.service
Requires=falco-kmod-inject.service
PartOf=falco@kmod.target
Conflicts=falco-ebpf.service
Conflicts=falco-plugin.service
[Service]
Type=simple


@@ -0,0 +1,23 @@
[Unit]
Description=Falco: Container Native Runtime Security with plugin
Documentation=https://falco.org/docs/
PartOf=falco@plugin.target
Conflicts=falco-kmod.service
Conflicts=falco-ebpf.service
[Service]
Type=simple
User=%u
ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
UMask=0077
TimeoutSec=30
RestartSec=15s
Restart=on-failure
PrivateTmp=true
NoNewPrivileges=yes
ProtectHome=read-only
ProtectSystem=full
ProtectKernelTunables=true
RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET
StandardOutput=null
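Review bot: `User=%u` does not select an unprivileged account: in a unit run by the system manager, `%u` expands to the user running the manager, which is root, so the plugin service gets the same root context as the kernel-driver variants. If the plugin flavor does no kernel instrumentation (the unit name suggests so, but the page does not show it), the sandbox copied from the other units could be tightened, for example with `ProtectKernelModules=true` and `ProtectControlGroups=true`, or with a dedicated service account once the pid file lives somewhere that account can write. Separately, `StandardOutput=null` with no `StandardError=` discards both streams, so anything Falco prints rather than logs elsewhere never reaches the journal. A comment naming the output channel expected to carry alerts and startup errors would help.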