Diffstat (limited to 'tools/mpd-stats/systemd')
-rw-r--r--tools/mpd-stats/systemd/mpd-scrobbler.service42
1 files changed, 0 insertions, 42 deletions
diff --git a/tools/mpd-stats/systemd/mpd-scrobbler.service b/tools/mpd-stats/systemd/mpd-scrobbler.service
deleted file mode 100644
index e033a99..0000000
--- a/tools/mpd-stats/systemd/mpd-scrobbler.service
+++ /dev/null
@@ -1,42 +0,0 @@
-[Unit]
-Description=mpd scrobbler
-Documentation=https://git.fcuny.net/fcuny/mpd-stats
-ConditionFileIsExecutable=%h/workspace/go/bin/mpd-scrobbler
-
-[Service]
-ExecStart=%h/workspace/go/bin/mpd-scrobbler
-Restart=on-failure
-
-PrivateTmp=yes
-ProtectSystem=strict
-NoNewPrivileges=yes
-ProtectHome=yes
-
-# Prohibit access to any kind of namespacing:
-RestrictNamespaces=yes
-
-# Make cgroup file system hierarchy inaccessible:
-ProtectControlGroups=yes
-
-# Deny access to other user’s information in /proc:
-ProtectProc=invisible
-
-# Only allow access to /proc pid files, no other files:
-ProcSubset=pid
-
-# This daemon must not create any new files, but set the umask to 077 just in case.
-UMask=077
-
-# Filter dangerous system calls. The following is listed as safe basic choice
-# in systemd.exec(5):
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=~@privileged
-SystemCallFilter=~@resources
-SystemCallErrorNumber=EPERM
-
-# Deny kernel execution domain changing:
-LockPersonality=yes
-
-# Deny memory mappings that are writable and executable:
-MemoryDenyWriteExecute=yes