[Unit]
Description=Falco: Container Native Runtime Security with plugin
Documentation=https://falco.org/docs/
PartOf=falco@plugin.target
Conflicts=falco-kmod.service
Conflicts=falco-ebpf.service

[Service]
Type=simple
User=%u
ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
UMask=0077
TimeoutSec=30
RestartSec=15s
Restart=on-failure
PrivateTmp=true
NoNewPrivileges=yes
ProtectHome=read-only
ProtectSystem=full
ProtectKernelTunables=true
RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET
StandardOutput=null