github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 00:22:15 +00:00
Code Issues Projects Releases Wiki Activity

Modprobe/rmmod at systemd service start/stop

Browse Source 
Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
This commit is contained in:
JenTing Hsiao 2021-02-04 14:26:14 +08:00 committed by poiana
parent 5661b491af
commit e1d3e68a84
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
scripts/debian/falco.service
View File

@ -4,7 +4,9 @@ Description=Falco: Container Native Runtime Security
[Service] [Service]
Type=simple Type=simple
User=root User=root
ExecStartPre=/sbin/modprobe falco
ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
ExecStopPost=/sbin/rmmod falco
UMask=0077 UMask=0077
TimeoutSec=30 TimeoutSec=30
RestartSec=15s RestartSec=15s
@ -16,7 +18,6 @@ ProtectSystem=full
ProtectKernelTunables=true ProtectKernelTunables=true
RestrictRealtime=true RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET RestrictAddressFamilies=~AF_PACKET
SystemCallFilter=~@debug @mount @cpu-emulation @obsolete @privileged
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

3
scripts/rpm/falco.service
View File

@ -4,7 +4,9 @@ Description=Falco: Container Native Runtime Security
[Service] [Service]
Type=simple Type=simple
User=root User=root
ExecStartPre=/sbin/modprobe falco
ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
ExecStopPost=/sbin/rmmod falco
UMask=0077 UMask=0077
TimeoutSec=30 TimeoutSec=30
RestartSec=15s RestartSec=15s
@ -16,7 +18,6 @@ ProtectSystem=full
ProtectKernelTunables=true ProtectKernelTunables=true
RestrictRealtime=true RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET RestrictAddressFamilies=~AF_PACKET
SystemCallFilter=~@debug @mount @cpu-emulation @obsolete @privileged
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target