diff options
author | Alex Xu (Hello71) <alex_y_xu@yahoo.ca> | 2020-03-06 18:59:57 -0500 |
---|---|---|
committer | Alex Xu (Hello71) <alex_y_xu@yahoo.ca> | 2020-03-06 18:59:57 -0500 |
commit | 361d396d01f6cdeb49970c0eeb705da442879f05 (patch) | |
tree | b0ebbccecf38e857418e4e52641ceaf757f61206 /syntax-highlighting.service.in | |
download | cgit-syntax-highlighting-361d396d01f6cdeb49970c0eeb705da442879f05.tar.xz cgit-syntax-highlighting-361d396d01f6cdeb49970c0eeb705da442879f05.zip |
Initial commit
Diffstat (limited to 'syntax-highlighting.service.in')
-rw-r--r-- | syntax-highlighting.service.in | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/syntax-highlighting.service.in b/syntax-highlighting.service.in new file mode 100644 index 0000000..db10fb7 --- /dev/null +++ b/syntax-highlighting.service.in @@ -0,0 +1,33 @@ +[Unit] +Description=syntax highlighting server + +[Service] +Type=simple +User=nobody +ExecStart=@libdir@/cgit/syntax-highlighting-server.py localhost 4872 + +IPAddressAllow=localhost +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateNetwork=yes +PrivateTmp=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectKernelLogs=yes +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service + +[Install] +WantedBy=multi-user.target |