MINOR: systemd: Add section for SystemD sandboxing to unit file
This commit adds a warning for settings that possibly provide better sandboxing and explains their tradeoffs.
This commit is contained in:
parent
253c3b7516
commit
1ce8de2d93
|
@ -12,5 +12,11 @@ KillMode=mixed
|
||||||
Restart=always
|
Restart=always
|
||||||
Type=notify
|
Type=notify
|
||||||
|
|
||||||
|
# The following lines leverage SystemD's sandboxing options to provide
|
||||||
|
# defense in depth protection at the expense of restricting some flexibility
|
||||||
|
# in your setup (e.g. placement of your configuration files) or possibly
|
||||||
|
# reduced performance. See systemd.service(5) and systemd.exec(5) for further
|
||||||
|
# information.
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
Loading…
Reference in New Issue