This repository has been archived on 2020-08-09. You can view files and clone it, but cannot push or open issues or pull requests.
2020-05-16 21:41:11 +00:00
|
|
|
[Unit]
|
|
|
|
|
StartLimitIntervalSec=0
|
|
|
|
|
|
2020-05-16 18:28:54 +00:00
|
|
|
[Service]
|
2020-07-02 18:49:19 +00:00
|
|
|
User={{ haproxy.user }}
|
|
|
|
|
Group={{ haproxy.group }}
|
2020-05-16 18:28:54 +00:00
|
|
|
|
2020-06-04 12:37:46 +00:00
|
|
|
Restart=on-failure
|
2020-05-16 21:41:11 +00:00
|
|
|
RestartSec=10
|
|
|
|
|
|
2020-05-16 18:28:54 +00:00
|
|
|
Environment=
|
|
|
|
|
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy/haproxy.pid"
|
|
|
|
|
|
|
|
|
|
ProtectHome=true
|
2020-05-16 21:41:11 +00:00
|
|
|
ProtectSystem=strict
|
2020-05-16 18:28:54 +00:00
|
|
|
PrivateTmp=yes
|
|
|
|
|
PrivateDevices=yes
|
|
|
|
|
RuntimeDirectory=haproxy
|
|
|
|
|
|
|
|
|
|
NoNewPrivileges=true
|
|
|
|
|
RestrictSUIDSGID=yes
|
|
|
|
|
MemoryDenyWriteExecute=yes
|
|
|
|
|
SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io
|
|
|
|
|
ProtectKernelTunables=true
|
|
|
|
|
ProtectKernelModules=true
|
|
|
|
|
ProtectControlGroups=true
|
|
|
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
|
|
|
|
RestrictNamespaces=yes
|
|
|
|
|
LockPersonality=yes
|
