summaryrefslogtreecommitdiff
path: root/syntax-highlighting.service.in
diff options
context:
space:
mode:
authorAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2020-03-06 18:59:57 -0500
committerAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2020-03-06 18:59:57 -0500
commit361d396d01f6cdeb49970c0eeb705da442879f05 (patch)
treeb0ebbccecf38e857418e4e52641ceaf757f61206 /syntax-highlighting.service.in
downloadcgit-syntax-highlighting-361d396d01f6cdeb49970c0eeb705da442879f05.tar.xz
cgit-syntax-highlighting-361d396d01f6cdeb49970c0eeb705da442879f05.zip
Initial commit
Diffstat (limited to 'syntax-highlighting.service.in')
-rw-r--r--syntax-highlighting.service.in33
1 files changed, 33 insertions, 0 deletions
diff --git a/syntax-highlighting.service.in b/syntax-highlighting.service.in
new file mode 100644
index 0000000..db10fb7
--- /dev/null
+++ b/syntax-highlighting.service.in
@@ -0,0 +1,33 @@
+[Unit]
+Description=syntax highlighting server
+
+[Service]
+Type=simple
+User=nobody
+ExecStart=@libdir@/cgit/syntax-highlighting-server.py localhost 4872
+
+IPAddressAllow=localhost
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectKernelLogs=yes
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target