github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-01-29 21:48:32 +00:00
Code Issues Projects Releases Wiki Activity
Files
39bb5c28c7f329a817e04ca091dbbe6f61c38aad
falco/scripts/debian/falco.service
JenTing Hsiao 39bb5c28c7 Migrate from init to systemd in debian package 
Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
2021-03-12 10:45:31 +01:00

30 lines
774 B
Desktop File
Raw Blame History

[Unit]
Description=Falco: Container Native Runtime Security
[Service]
Type=simple
User=root
ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
UMask=0077
TimeoutSec=30
RestartSec=15s
#Restart=always
Restart=on-failure
NoNewPrivileges=yes
PrivateTmp=true
ProtectHome=read-only
ProtectSystem=full
ProtectKernelTunables=true
RestrictRealtime=true
#RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictAddressFamilies=~AF_PACKET
SystemCallFilter=~@debug @mount @cpu-emulation @obsolete @privileged
# FIXME!
# PANIC: unprotected error in call to Lua API (runtime code generation failed, restricted kernel?)
# https://www.freelists.org/post/luajit/luajit-crashes-with-grsec-kernel,1
# MemoryDenyWriteExecute=true
# PrivateMounts=true
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink