meta-security/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch - openbmc/openbmc - Gitiles


 Run the Parsec service as parsec user in /var/lib/parsec/ working directory.

 Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
 Upstream-Status: Inappropriate [deployment configuration]

 diff --git a/systemd-daemon/parsec.service b/systemd-daemon/parsec.service
 index c07c3b9..a6fe6a3 100644
 --- a/systemd-daemon/parsec.service
 +++ b/systemd-daemon/parsec.service
 @@ -3,13 +3,15 @@ Description=Parsec Service
  Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html

  [Service]
 -WorkingDirectory=/home/parsec/
 +User=parsec
 +Group=parsec
 +WorkingDirectory=/var/lib/parsec/
  ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml
  # Systemd hardening
  ProtectSystem=full
  ProtectHome=true
  ProtectHostname=true
 -ProtectKernelTunables=true
 +#ProtectKernelTunables=true
  ProtectKernelModules=true
  ProtectKernelLogs=true
  ProtectControlGroups=true

	Run the Parsec service as parsec user in /var/lib/parsec/ working directory.

	Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
	Upstream-Status: Inappropriate [deployment configuration]

	diff --git a/systemd-daemon/parsec.service b/systemd-daemon/parsec.service
	index c07c3b9..a6fe6a3 100644
	--- a/systemd-daemon/parsec.service
	+++ b/systemd-daemon/parsec.service
	@@ -3,13 +3,15 @@ Description=Parsec Service
	Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html

	[Service]
	-WorkingDirectory=/home/parsec/
	+User=parsec
	+Group=parsec
	+WorkingDirectory=/var/lib/parsec/
	ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml
	# Systemd hardening
	ProtectSystem=full
	ProtectHome=true
	ProtectHostname=true
	-ProtectKernelTunables=true
	+#ProtectKernelTunables=true
	ProtectKernelModules=true
	ProtectKernelLogs=true
	ProtectControlGroups=true