github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-05-16 03:40:09 +00:00
Code Issues Projects Releases Wiki Activity
master
falco/scripts/systemd/falco-kmod.service
Federico Di Pierro 27161bb508 chore(scripts/systemd): properly make use of new config keys in systemd units. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-11 16:37:39 +01:00

31 lines
697 B
Desktop File
Raw Permalink Blame History

[Unit]
Description=Falco: Container Native Runtime Security with kmod
Documentation=https://falco.org/docs/
After=falco-kmod-inject.service
Requires=falco-kmod-inject.service
Before=falcoctl-artifact-follow.service
Wants=falcoctl-artifact-follow.service
[Service]
Type=simple
User=root
ExecStart=/usr/bin/falco -o engine.kind=kmod
ExecReload=kill -1 $MAINPID
UMask=0077
TimeoutSec=30
RestartSec=15s
Restart=on-failure
PrivateTmp=true
NoNewPrivileges=yes
ProtectHome=read-only
ProtectSystem=full
ProtectKernelTunables=true
ReadWriteDirectories=/sys/module/falco
RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET
StandardOutput=null
[Install]
WantedBy=multi-user.target
Alias=falco.service
Reference in New Issue View Git Blame Copy Permalink