Andrew Geissler | f1e4406 | 2021-04-15 15:52:46 -0500 | [diff] [blame] | 1 | |
| 2 | Run the Parsec service as parsec user in /var/lib/parsec/ working directory. |
| 3 | |
| 4 | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> |
| 5 | Upstream-Status: Inappropriate [deployment configuration] |
| 6 | |
Patrick Williams | 03907ee | 2022-05-01 06:28:52 -0500 | [diff] [blame] | 7 | diff --git a/systemd-daemon/parsec.service b/systemd-daemon/parsec.service |
| 8 | index c07c3b9..a6fe6a3 100644 |
| 9 | --- a/systemd-daemon/parsec.service |
| 10 | +++ b/systemd-daemon/parsec.service |
| 11 | @@ -3,13 +3,15 @@ Description=Parsec Service |
Andrew Geissler | f1e4406 | 2021-04-15 15:52:46 -0500 | [diff] [blame] | 12 | Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html |
Patrick Williams | 03907ee | 2022-05-01 06:28:52 -0500 | [diff] [blame] | 13 | |
Andrew Geissler | f1e4406 | 2021-04-15 15:52:46 -0500 | [diff] [blame] | 14 | [Service] |
| 15 | -WorkingDirectory=/home/parsec/ |
| 16 | +User=parsec |
| 17 | +Group=parsec |
| 18 | +WorkingDirectory=/var/lib/parsec/ |
| 19 | ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml |
Patrick Williams | 03907ee | 2022-05-01 06:28:52 -0500 | [diff] [blame] | 20 | # Systemd hardening |
| 21 | ProtectSystem=full |
| 22 | ProtectHome=true |
| 23 | ProtectHostname=true |
| 24 | -ProtectKernelTunables=true |
| 25 | +#ProtectKernelTunables=true |
| 26 | ProtectKernelModules=true |
| 27 | ProtectKernelLogs=true |
| 28 | ProtectControlGroups=true |
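Review bot: The hardening block disables `ProtectKernelTunables=true` by commenting it out, and neither the commit message (which only mentions the parsec user and the /var/lib/parsec/ working directory) nor the unit file says why. That directive makes /proc/sys, /sys and similar kernel tunable paths read-only for the service, so dropping it widens what a compromised Parsec process can write to. Please state the reason in the commit message or in a comment next to the line, and if only a specific path needs to be writable, consider keeping the directive and granting that path explicitly instead. Separately, in the `[Service]` lines at the top of the hunk, `User=parsec` with `WorkingDirectory=/var/lib/parsec/` assumes the directory already exists and is accessible to that user. Nothing in the visible lines creates it, so consider `StateDirectory=parsec` or note where the recipe creates the directory and sets its ownership.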