This unit is provided by:
Options
-
[Install]
-
WantedBy=multi-user.target
-
-
[Service]
-
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH
-
ExecStart=/usr/sbin/kanidm_unixd_tasks
-
KillSignal=SIGINT
-
MemoryDenyWriteExecute
Introduced in systemd 231=yes -
NoNewPrivileges
Introduced in systemd 239=yes -
PrivateDevices
Introduced in systemd 209=yes -
PrivateNetwork=yes
-
PrivateTmp=yes
-
ProtectClock
Introduced in systemd 245=yes -
ProtectControlGroups
Introduced in systemd 232=yes -
ProtectHostname
Introduced in systemd 242=yes -
ProtectKernelLogs
Introduced in systemd 244=yes -
ProtectKernelModules
Introduced in systemd 232=yes -
ProtectKernelTunables
Introduced in systemd 232=yes -
ProtectSystem
Introduced in systemd 214=strict -
ReadWritePaths=/home /var/run/kanidm-unixd
-
RestrictAddressFamilies=AF_UNIX
-
Type=simple
-
User=root
-
-
[Unit]
-
After=chronyd.service ntpd.service network-online.target kanidm-unixd.service
-
Description=Kanidm Local Tasks
-
Additionnal notes
Nothing here.