upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-06-10 17:32:03 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file

Browse source 
This option takes away system calls that are unneeded for haproxy's
operation and thus is a good defense in depth measure.
This commit is contained in:
Tim Duesterhus 2018-02-27 20:19:05 +01:00 committed by Willy Tarreau
parent 8a9659212e
commit 2788a39c07
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
contrib/systemd/haproxy.service.in
View file

@ -27,6 +27,8 @@ Type=notify
# ProtectKernelTunables=true
# ProtectKernelModules=true
# ProtectControlGroups=true
# If your SystemD version supports them, you can add: @reboot, @swap, @sync
# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io
[Install]
WantedBy=multi-user.target