summaryrefslogtreecommitdiffstats
path: root/system/netdata.service.in
blob: 0dd6eba38d9f18aa4f3d8ee922a3b00390c2e495 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

[Unit]
Description=Linux real time system monitoring, done right
After=network.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service

[Service]
Type=forking
WorkingDirectory=/tmp
User=netdata
Group=netdata
RuntimeDirectory=netdata
PIDFile=@localstatedir_POST@/run/netdata/netdata.pid
ExecStart=@sbindir_POST@/netdata -P @localstatedir_POST@/run/netdata/netdata.pid
KillMode=mixed
KillSignal=SIGTERM
TimeoutStopSec=30

#Hardening
AmbientCapabilities=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE
PrivateTmp=true
ProtectSystem=full
ProtectHome=read-only
#NoNewPrivileges=true is implicitly set by the MemoryDenyWriteExecute=true
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-10 12:37:16 +0000