Compare commits
137 commits
Author | SHA1 | Date | |
---|---|---|---|
Alex Manning | 71439499a7 | ||
Alex Manning | 3e07507726 | ||
52bf2f3ea0 | |||
c7e5530da6 | |||
Alex Manning | 82361b4dae | ||
Alex Manning | f66f3a36a8 | ||
3fd3d881f8 | |||
a142d9680c | |||
95722cc58b | |||
47f5502751 | |||
159861ff82 | |||
33211b7923 | |||
8ae5dec1db | |||
ebbe65d4a2 | |||
1789dec058 | |||
801f429df4 | |||
e7c61e994b | |||
18ba380922 | |||
Alex Manning | db4a7d12c1 | ||
Alex Manning | 8639064d06 | ||
Alex Manning | 4310789310 | ||
Alex Manning | 721a90fdf0 | ||
356f79beea | |||
f3a8d57f3c | |||
Alex Manning | f08ce7bd2f | ||
ed66f90719 | |||
43b3e68265 | |||
cc98af5e33 | |||
Alex Manning | 48f6f257b7 | ||
2c55219c1c | |||
04f7b9ad80 | |||
653ced802e | |||
49740b547f | |||
6132902215 | |||
Alex Manning | 923038a681 | ||
a53ed73b6c | |||
c71ab7f0a2 | |||
Alex Manning | a19f7b49b8 | ||
Alex Manning | 69bd1e29de | ||
2111b63c63 | |||
Alex Manning | faff109bb1 | ||
Alex Manning | 9a57fd4823 | ||
Alex Manning | 3d7ab25404 | ||
Alex Manning | f54154acfb | ||
Alex Manning | e9c242edc1 | ||
9850d26178 | |||
Alex Manning | 3c405430ea | ||
Alex Manning | 8c58a9b484 | ||
212fb80bb2 | |||
Alex Manning | d2638ff8aa | ||
Alex Manning | b970298303 | ||
Alex Manning | 6aef8b1f02 | ||
Alex Manning | 038f50e5d9 | ||
bb78e6f97b | |||
6ba00b438d | |||
fa84f97be5 | |||
Alex Manning | 9bfae8299d | ||
Alex Manning | 8926e5d60e | ||
27ba1bd03a | |||
9834725e22 | |||
Alex Manning | c6cb7c1d18 | ||
123b2c7859 | |||
43c493270c | |||
Alex Manning | daa271fddc | ||
db3dab5754 | |||
Alex Manning | ef873f75b2 | ||
Alex Manning | 3de669cb27 | ||
441d69e783 | |||
Alex Manning | 9d93fd8ee6 | ||
Alex Manning | beb0fad02f | ||
Alex Manning | 5aa2c9d0f1 | ||
Alex Manning | 9ca9ede2b6 | ||
f3881d8800 | |||
c419b6ee01 | |||
Alex Manning | ba740a9bc6 | ||
94f4286948 | |||
Alex Manning | 78f415c0ab | ||
Alex Manning | c30b097f3f | ||
bc82908238 | |||
a74c98d53d | |||
Alex Manning | ec6f58880d | ||
Alex Manning | 1fd70d0f12 | ||
Alex Manning | 20a57c5fcd | ||
Alex Manning | 5d0ad886d5 | ||
Alex Manning | 50afb28317 | ||
Alex Manning | 27b868bfa0 | ||
Alex Manning | 3aa6f6933d | ||
4cb09f3815 | |||
Alex Manning | bc2c38c626 | ||
167105048f | |||
Alex Manning | 27105bd158 | ||
aab90fe6a3 | |||
5dcb251ed2 | |||
05bab657ef | |||
d1eb576c71 | |||
18ca30d293 | |||
Alex Manning | a372e139a4 | ||
Alex Manning | 9214a71915 | ||
Alex Manning | 8fb624c54b | ||
Alex Manning | d28d1b0760 | ||
Alex Manning | be900f4f78 | ||
Alex Manning | ab3afc8da2 | ||
Alex Manning | c032074b69 | ||
Alex Manning | 2a83f6aac4 | ||
Alex Manning | b000650488 | ||
Alex Manning | a08fff9724 | ||
Alex Manning | 41c72676fa | ||
bb3a279180 | |||
Alex Manning | 346cda9087 | ||
Alex Manning | 7fa32cbc13 | ||
Alex Manning | 6bbe3d8e24 | ||
Alex Manning | f886c5cfdd | ||
Alex Manning | b7993426ac | ||
Alex Manning | 04b292161b | ||
711c9c91c0 | |||
2e5b574767 | |||
e060fa6332 | |||
c29fe9feb2 | |||
ee741f684c | |||
bfc6883e7a | |||
23f2d59688 | |||
3ecef91ae7 | |||
7490d07212 | |||
fd50b14b72 | |||
68ffffe60f | |||
bb016563c0 | |||
41c3d76b55 | |||
e4f6625057 | |||
31f67dc4f3 | |||
adf3d76483 | |||
230b63ad0a | |||
c1a0d9bfdc | |||
b31bd6fe8b | |||
ee477a45bb | |||
338d2e8dd8 | |||
8509f262ec | |||
5e0b0ed431 |
|
@ -2,69 +2,39 @@
|
|||
|
||||
# Version suffix in URL when building release candidates
|
||||
%global rcx %{nil}
|
||||
%global ghversion 1.66.0
|
||||
|
||||
%{?python_enable_dependency_generator}
|
||||
|
||||
%if "%{rcx}"
|
||||
%global rcv ~%{rcx}
|
||||
%else
|
||||
%global rcv %{nil}
|
||||
%endif
|
||||
|
||||
Name: matrix-%{srcname}
|
||||
Version: 1.26.0
|
||||
Version: %{ghversion}%{rcv}
|
||||
Release: 1%{?dist}
|
||||
Summary: A Matrix reference homeserver written in Python using Twisted
|
||||
License: ASL 2.0
|
||||
URL: https://github.com/matrix-org/%{srcname}
|
||||
Source0: %{url}/archive/v%{version}%{rcx}/%{srcname}-%{version}%{rcx}.tar.gz
|
||||
Source0: %{url}/archive/v%{ghversion}%{rcx}/%{srcname}-%{ghversion}%{rcx}.tar.gz
|
||||
Source1: synapse.sysconfig
|
||||
Source2: synapse.service
|
||||
Source4: synapse@.service
|
||||
|
||||
Source3: matrix-synapse.sysusers
|
||||
BuildArch: noarch
|
||||
|
||||
Recommends: %{name}+postgres
|
||||
Recommends: %{name}+systemd
|
||||
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
|
||||
# Test dependencies
|
||||
BuildRequires: python3-mock >= 2.0
|
||||
BuildRequires: python3-parameterized >= 0.7.0
|
||||
BuildRequires: /usr/bin/openssl
|
||||
|
||||
# Package dependencies
|
||||
#BuildRequires: python3-txacme >= 0.9.2
|
||||
BuildRequires: python3-attrs >= 19.1.0
|
||||
BuildRequires: python3-authlib
|
||||
BuildRequires: python3-bcrypt >= 3.1.0
|
||||
BuildRequires: python3-bleach >= 1.4.3
|
||||
BuildRequires: python3-canonicaljson >= 1.4.0
|
||||
BuildRequires: python3-daemonize >= 2.3.1
|
||||
BuildRequires: python3-frozendict >= 1.0
|
||||
BuildRequires: python3-idna >= 2.5
|
||||
BuildRequires: python3-jinja2 >= 2.9
|
||||
BuildRequires: python3-jsonschema >= 2.5.1
|
||||
BuildRequires: python3-jwt
|
||||
BuildRequires: python3-lxml >= 3.5.0
|
||||
BuildRequires: python3-matrix-synapse-ldap3 >= 0.1
|
||||
BuildRequires: python3-msgpack >= 0.5.2
|
||||
BuildRequires: python3-netaddr >= 0.7.18
|
||||
BuildRequires: python3-phonenumbers >= 8.2.0
|
||||
BuildRequires: python3-pillow >= 4.3.0
|
||||
BuildRequires: python3-prometheus_client
|
||||
BuildRequires: python3-pyOpenSSL >= 16.0.0
|
||||
BuildRequires: python3-pyasn1 >= 0.1.9
|
||||
BuildRequires: python3-pyasn1-modules >= 0.0.7
|
||||
BuildRequires: python3-pymacaroons-pynacl >= 0.13.0
|
||||
BuildRequires: python3-pynacl >= 1.2.1
|
||||
BuildRequires: python3-pysaml2 >= 4.5.0
|
||||
BuildRequires: python3-pyyaml >= 3.11
|
||||
BuildRequires: python3-service-identity >= 18.1.0
|
||||
BuildRequires: python3-signedjson >= 1.1.0
|
||||
BuildRequires: python3-sortedcontainers >= 1.4.4
|
||||
BuildRequires: python3-systemd >= 231
|
||||
BuildRequires: python3-treq >= 15.1
|
||||
BuildRequires: python3-twisted >= 18.9.0
|
||||
BuildRequires: python3-typing-extensions >= 3.7.4
|
||||
BuildRequires: python3-unpaddedbase64 >= 1.1.0
|
||||
BuildRequires: systemd
|
||||
BuildRequires: systemd-rpm-macros
|
||||
# Workaround missing python-saml2 dependencies in f35 and f36.
|
||||
BuildRequires: xmlsec1
|
||||
|
||||
Requires(pre): shadow-utils
|
||||
Requires: systemd
|
||||
%{?systemd_requires}
|
||||
BuildRequires: xmlsec1-openssl
|
||||
|
||||
%description
|
||||
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
|
||||
|
@ -74,67 +44,207 @@ to showcase the concept of Matrix and let folks see the spec in the context of
|
|||
a coded base and let you run your own homeserver and generally help bootstrap
|
||||
the ecosystem.
|
||||
|
||||
%pyproject_extras_subpkg -n %{name} matrix-synapse-ldap3 postgres saml2 oidc systemd url_preview jwt cache_memory
|
||||
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n %{srcname}-%{version}%{rcx}
|
||||
%autosetup -p1 -n %{srcname}-%{ghversion}%{rcx}
|
||||
|
||||
#sed -i 's|"cryptography>=3.4.7",|"cryptography>=3.4",|' synapse/python_dependencies.py
|
||||
#rm tests/storage/test_background_update.py
|
||||
|
||||
# We don't support the built-in client so remove all the bundled JS.
|
||||
rm -rf synapse/static
|
||||
|
||||
|
||||
%generate_buildrequires
|
||||
# Missing: sentry,opentracing,redis
|
||||
%pyproject_buildrequires -x test,matrix-synapse-ldap3,postgres,saml2,oidc,systemd,url_preview,jwt,cache_memory
|
||||
|
||||
|
||||
|
||||
%build
|
||||
%py3_build
|
||||
%pyproject_wheel
|
||||
|
||||
|
||||
%install
|
||||
%py3_install
|
||||
|
||||
# Synapse includes some benchmarks in a separate Python package named "synmark"
|
||||
# which is installed by default. Remove it to avoid shipping it in the Fedora
|
||||
# package, since it is unlikely to be useful to end users.
|
||||
rm -r %{buildroot}%{python3_sitelib}/synmark/
|
||||
%pyproject_install
|
||||
%py3_shebang_fix %{buildroot}%{python3_sitelib}/%{srcname}/_scripts
|
||||
%pyproject_save_files %{srcname}
|
||||
|
||||
install -p -D -T -m 0644 contrib/systemd/log_config.yaml %{buildroot}%{_sysconfdir}/synapse/log_config.yaml
|
||||
install -p -D -T -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/synapse
|
||||
install -p -D -T -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/synapse.service
|
||||
install -p -D -T -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/synapse@.service
|
||||
install -p -d -m 755 %{buildroot}/%{_sharedstatedir}/synapse
|
||||
|
||||
install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf
|
||||
|
||||
%check
|
||||
PYTHONPATH=. trial-3 tests
|
||||
set -o pipefail
|
||||
PYTHONPATH=%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib}:$PWD trial-3 tests | tee trial.stdout
|
||||
|
||||
# Guard against new types of tests being skipped.
|
||||
WHITELIST="Requires hiredis
|
||||
Requires jaeger_client
|
||||
Requires Postgres
|
||||
\`BaseFederationServlet\` does not support cancellation yet."
|
||||
REASONS=$(cat trial.stdout | sed -n '/^\[SKIPPED\]$/{n;p;}')
|
||||
SKIPPED=$(comm -23 <(echo "$REASONS" | sort | uniq) <(echo "$WHITELIST" | sort | uniq))
|
||||
if [ ! -z "$SKIPPED" ]; then
|
||||
echo -e "Failing, because tests were skipped:\n$SKIPPED"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
%pre
|
||||
getent group synapse >/dev/null || groupadd -r synapse
|
||||
getent passwd synapse >/dev/null || \
|
||||
useradd -r -g synapse -d %{_sharedstatedir}/synapse -s /sbin/nologin \
|
||||
-c "The user for the Synapse Matrix server" synapse
|
||||
exit 0
|
||||
%sysusers_create_compat %{SOURCE3}
|
||||
|
||||
|
||||
%post
|
||||
%systemd_post synapse.service
|
||||
%systemd_post synapse@*.service
|
||||
|
||||
|
||||
%preun
|
||||
%systemd_preun synapse.service
|
||||
%systemd_preun synapse@*.service
|
||||
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart synapse.service
|
||||
%systemd_postun_with_restart synapse@*.service
|
||||
|
||||
|
||||
%files
|
||||
%files -f %{pyproject_files}
|
||||
%license LICENSE
|
||||
%doc *.rst
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/synapse
|
||||
%{python3_sitelib}/synapse/
|
||||
%{python3_sitelib}/matrix_synapse*.egg-info/
|
||||
%{_bindir}/*
|
||||
%{_unitdir}/synapse.service
|
||||
%{_unitdir}/synapse@.service
|
||||
%attr(755,synapse,synapse) %dir %{_sharedstatedir}/synapse
|
||||
%attr(755,synapse,synapse) %dir %{_sysconfdir}/synapse
|
||||
%attr(644,synapse,synapse) %config(noreplace) %{_sysconfdir}/synapse/*
|
||||
%{_sysusersdir}/%{name}.conf
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Jul 26 2022 Kai A. Hiller <V02460@gmail.com> - 1.63.1-1
|
||||
- Update to v1.63.1
|
||||
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.62.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Thu Jul 14 2022 Kai A. Hiller <V02460@gmail.com> - 1.62.0-1
|
||||
- Update to v1.62.0
|
||||
|
||||
* Wed Jun 29 2022 Kai A. Hiller <V02460@gmail.com> - 1.61.1-1
|
||||
- Update to v1.61.1
|
||||
- Fix CVE-2022-31052
|
||||
|
||||
* Tue Jun 14 2022 Kai A. Hiller <V02460@gmail.com> - 1.61.0-1
|
||||
- Update to v1.61.0
|
||||
|
||||
* Thu Jun 09 2022 Kai A. Hiller <V02460@gmail.com> - 1.60.0-1
|
||||
- Update to v1.60.0
|
||||
|
||||
* Thu May 19 2022 Kai A. Hiller <V02460@gmail.com> - 1.59.1-1
|
||||
- Update to v1.59.1
|
||||
|
||||
* Wed May 18 2022 Kai A. Hiller <V02460@gmail.com> - 1.59.0-1
|
||||
- Update to v1.59.0
|
||||
|
||||
* Wed May 04 2022 Kai A. Hiller <V02460@gmail.com> - 1.58.0-1
|
||||
- Update to v1.58.0
|
||||
|
||||
* Thu Apr 21 2022 Dan Callaghan <djc@djc.id.au> - 1.57.0-1
|
||||
- Update to v1.57.0
|
||||
|
||||
* Tue Apr 05 2022 Kai A. Hiller <V02460@gmail.com> - 1.56.0-1
|
||||
- Update to v1.56.0
|
||||
|
||||
* Thu Mar 24 2022 Kai A. Hiller <V02460@gmail.com> - 1.55.0-1
|
||||
- Update to v1.55.0
|
||||
|
||||
* Tue Mar 08 2022 Kai A. Hiller <V02460@gmail.com> - 1.54.0-1
|
||||
- Update to v1.54.0
|
||||
|
||||
* Tue Feb 22 2022 Kai A. Hiller <V02460@gmail.com> - 1.53.0-1
|
||||
- Update to v1.53.0
|
||||
|
||||
* Wed Feb 09 2022 Kai A. Hiller <V02460@gmail.com> - 1.52.0-2
|
||||
- Backport: Fix losing incoming EDUs if debug logging enabled
|
||||
|
||||
* Tue Feb 08 2022 Kai A. Hiller <V02460@gmail.com> - 1.52.0-1
|
||||
- Update to v1.52.0
|
||||
- Create synapse user and group declaratively
|
||||
|
||||
* Thu Jan 27 2022 Kai A. Hiller <V02460@gmail.com> - 1.51.0-1
|
||||
- Update to v1.51.0
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.49.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Tue Dec 21 2021 Kai A. Hiller <V02460@gmail.com> - 1.49.2-1
|
||||
- Update to v1.49.2
|
||||
|
||||
* Tue Dec 14 2021 Kai A. Hiller <V02460@gmail.com> - 1.49.0-1
|
||||
- Update to v1.49.0
|
||||
|
||||
* Tue Nov 30 2021 Kai A. Hiller <V02460@gmail.com> - 1.48.0-1
|
||||
- Update to v1.48.0
|
||||
|
||||
* Wed Nov 24 2021 Kai A. Hiller <V02460@gmail.com> - 1.47.1-1
|
||||
- Update to v1.47.1
|
||||
- Fix CVE-2021-41281
|
||||
|
||||
* Fri Nov 19 2021 Kai A. Hiller <V02460@gmail.com> - 1.47.0-1
|
||||
- Update to v1.47.0
|
||||
|
||||
* Thu Nov 04 2021 Kai A. Hiller <V02460@gmail.com> - 1.46.0-1
|
||||
- Update to v1.46.0
|
||||
|
||||
* Thu Oct 21 2021 Kai A. Hiller <V02460@gmail.com> - 1.45.1-1
|
||||
- Update to v1.45.1
|
||||
|
||||
* Mon Oct 18 2021 Kai A. Hiller <V02460@gmail.com> - 1.44.0-1
|
||||
- Update to v1.44.0
|
||||
|
||||
* Thu Sep 09 2021 Kai A. Hiller <V02460@gmail.com> - 1.42.0-1
|
||||
- Update to v1.42.0
|
||||
|
||||
* Tue Aug 31 2021 Kai A. Hiller <V02460@gmail.com> - 1.41.1-1
|
||||
- Update to v1.41.1
|
||||
- Fix CVE-2021-39163, CVE-2021-39164
|
||||
|
||||
* Tue Aug 24 2021 Kai A. Hiller <V02460@gmail.com> - 1.41.0-1
|
||||
- Update to v1.41.0
|
||||
|
||||
* Tue Aug 10 2021 Kai A. Hiller <V02460@gmail.com> - 1.40.0-1
|
||||
- Update to v1.40.0
|
||||
|
||||
* Thu Jul 29 2021 Kai A. Hiller <V02460@gmail.com> - 1.39.0-1
|
||||
- Update to v1.39.0
|
||||
|
||||
* Fri Jul 23 2021 Kai A. Hiller <V02460@gmail.com> - 1.38.1-1
|
||||
- Update to v1.38.1
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.38.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Sun Jul 18 2021 Dan Callaghan <djc@djc.id.au> - 1.38.0-2
|
||||
- fix startup ordering of synapse.service (RHBZ#1910740)
|
||||
- relax version requirement for python3-cryptography
|
||||
|
||||
* Wed Jul 14 2021 Kai A. Hiller <V02460@gmail.com> - 1.38.0-1
|
||||
- Update to v1.38.0
|
||||
|
||||
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.26.0-3
|
||||
- Rebuilt for Python 3.10
|
||||
|
||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.26.0-2
|
||||
- Rebuilt for updated systemd-rpm-macros
|
||||
See https://pagure.io/fesco/issue/2583.
|
||||
|
||||
* Thu Jan 28 2021 Kai A. Hiller <V02460@gmail.com> - 1.26.0-1
|
||||
- Update to v1.26.0
|
||||
|
||||
|
|
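Review bot: The `%install` line for the worker template copies the wrong source: `install -p -D -T -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/synapse@.service` installs `synapse.service` (Source2) under the template name, so the hardened `synapse@.service` declared as Source4 is never shipped. Every `synapse@<name>` instance would then run a copy of the main homeserver unit, without the sandboxing directives and without the per-worker `--config-path`. The line should read `install -p -D -T -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/synapse@.service`. Separately, Source0 is fetched by URL and the `sources` checksum line is removed in the same compare, so nothing visible here pins the tarball's hash; confirm it is verified elsewhere in the build.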
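--- a/matrix-synapse.sysusers
+++ b/matrix-synapse.sysusers
@@ -0,0 +1,2 @@
+#Type Name ID GECOS Home directory Shell
+u synapse - "Runs the Synapse Matrix homeserver" /run/synapse /sbin/nologin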
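Review bot: The home directory on the `u synapse` line is `/run/synapse`, which does not match the rest of the package: both units set `WorkingDirectory=/var/lib/synapse` and `%files` owns `%{_sharedstatedir}/synapse` for this user. `/run` is normally a tmpfs, so that home would not exist after a reboot, and nothing visible in the spec creates it. I would point the account at the state directory instead: `u synapse - "Runs the Synapse Matrix homeserver" /var/lib/synapse /sbin/nologin`.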
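--- a/sources
+++ b/sources
@@ -1 +0,0 @@
-SHA512 (synapse-1.26.0.tar.gz) = 82ca85aa4dc1e3220f89e7f6815786135fa9bd0b33a1055f63b309b1fa193eeb993f832db573586945191e7195e42926c5342776b249dbc8e83daf4c196f00a4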
|
@ -1,5 +1,6 @@
|
|||
[Unit]
|
||||
Description=Synapse Matrix homeserver
|
||||
After=network-online.target postgresql.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
|
@ -7,7 +8,7 @@ NotifyAccess=main
|
|||
User=synapse
|
||||
Group=synapse
|
||||
WorkingDirectory=/var/lib/synapse
|
||||
ExecStart=/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/synapse/homeserver.yaml
|
||||
ExecStart=/usr/bin/synapse_homeserver --config-path=/etc/synapse/homeserver.yaml
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
# EnvironmentFile=-/etc/sysconfig/synapse # Can be used to e.g. set SYNAPSE_CACHE_FACTOR
|
||||
SyslogIdentifier=synapse
|
||||
|
|
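Review bot: `After=network-online.target postgresql.service` in the [Unit] section only orders this unit; the new side of that section has no `Wants=network-online.target`, so the ordering has no effect on hosts where nothing else pulls that target in. I would add `Wants=network-online.target` directly under the `After=` line. The [Service] lines visible in these hunks also carry none of the sandboxing the worker template gets (`ProtectSystem=`, `NoNewPrivileges=`, `CapabilityBoundingSet=`), but the unit continues outside the hunks, so confirm that against the full file.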
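--- a/synapse@.service
+++ b/synapse@.service
@@ -0,0 +1,70 @@
+[Unit]
+Description=Synapse Worker %i
+AssertPathExists=/etc/synapse/workers/%i.yaml
+
+# This service should be restarted when the synapse target is restarted.
+#PartOf=synapse.target
+#ReloadPropagatedFrom=synapse.target
+
+# if this is started at the same time as the main, let the main process start
+# first, to initialise the database schema.
+After=synapse.service
+
+[Service]
+Type=notify
+NotifyAccess=main
+User=synapse
+WorkingDirectory=/var/lib/synapse
+ExecStart=/usr/bin/synapse_worker --config-path=/etc/synapse/homeserver.yaml --config-path=/etc/synapse/workers/%i.yaml
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=3
+SyslogIdentifier=synapse-%i
+
+Environment="LD_PRELOAD=/usr/lib64/libjemalloc.so.2"
+CPUAccounting=on
+MemoryAccounting=on
+
+MemoryHigh=500M
+MemoryMax=1G
+MemorySwapMax=1G
+
+CPUWeight=75
+
+PrivateTmp=yes
+PrivateDevices=true
+PrivateUsers=true
+
+CapabilityBoundingSet=
+AmbientCapabilities=
+
+DevicePolicy=closed
+
+ProtectSystem=strict
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectClock=true
+ProtectKernelLogs=yes
+ProtectHostname=true
+
+ProtectProc=invisible
+ProcSubset=pid
+
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
+NoNewPrivileges=yes
+LockPersonality=yes
+
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources @obsolete
+
+RemoveIPC=true
+
+[Install]
+WantedBy=multi-user.target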
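Review bot: `ProtectSystem=strict` leaves the worker with a read-only file system, and the [Service] section grants no writable path back: there is no `ReadWritePaths=`, `StateDirectory=` or `LogsDirectory=`, although `WorkingDirectory=/var/lib/synapse` is set. A worker that has to write under the state directory (presumably media storage or file-based logging, depending on the worker config) would fail with a read-only file system error; I would add `ReadWritePaths=/var/lib/synapse` next to `ProtectSystem=strict`. Separately, `Environment="LD_PRELOAD=/usr/lib64/libjemalloc.so.2"` hard-codes an arch-specific path in a `noarch` package, and nothing visible in the spec requires jemalloc, so the preload may silently not apply.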