This unit is provided by:
Options
-
[Service]-
AmbientCapabilities=
-
BindReadOnlyPaths=/etc /run/systemd glibc-locales-2.35-163 public-inbox-description-repo1 public-inbox-description-repo2 /usr/bin/dash:/bin/sh /nix/store -
CapabilityBoundingSet= -
DeviceAllow= -
Environment=PERL_INLINE_DIRECTORY=/run/public-inbox-init/perl-inline -
ExecStart=/usr/bin/public-inbox-init-start -
Group=public-inbox -
LockPersonalityIntroduced in systemd 235=yes -
MemoryDenyWriteExecuteIntroduced in systemd 231=yes -
MountAPIVFS=yes -
NoNewPrivilegesIntroduced in systemd 239=yes -
NonBlocking=yes -
PrivateDevicesIntroduced in systemd 209=yes -
PrivateMounts=yes -
PrivateNetwork=yes -
PrivateTmp=yes -
PrivateUsers=yes -
ProcSubsetIntroduced in systemd 247=pid -
ProtectClockIntroduced in systemd 245=yes -
ProtectControlGroupsIntroduced in systemd 232=yes -
ProtectHomeIntroduced in systemd 214=yes -
ProtectHostnameIntroduced in systemd 242=yes -
ProtectKernelLogsIntroduced in systemd 244=yes -
ProtectKernelModulesIntroduced in systemd 232=yes -
ProtectKernelTunablesIntroduced in systemd 232=yes -
ProtectProcIntroduced in systemd 247=invisible -
RemainAfterExit=yes -
RemoveIPCIntroduced in systemd 232=yes -
RestrictAddressFamilies=AF_UNIX -
RestrictNamespacesIntroduced in systemd 233=yes -
RestrictRealtimeIntroduced in systemd 231=yes -
RestrictSUIDSGIDIntroduced in systemd 242=yes -
RootDirectory=/var/empty -
RuntimeDirectory=public-inbox-init/perl-inline -
RuntimeDirectoryMode=700 -
StateDirectory=public-inbox/.public-inbox public-inbox/.public-inbox/emergency public-inbox/inboxes public-inbox -
StateDirectoryMode=0750 -
SystemCallArchitectures=native -
SystemCallFilter=@system-service ~@aio ~@chown ~@keyring ~@memlock ~@resources -
TemporaryFileSystem=/ -
Type=oneshot -
UMask=0066 -
User=public-inbox -
WorkingDirectory=/var/lib/public-inbox
-
-
[Unit]
Additionnal notes
Nothing here.