Reynir Björnsson
33f7b6bcee
* Use systemd socket activation * Pass a new command line argument --systemd-socket-activation to the daemons if running on Linux * Install .socket files * Systemd services depend on their sockets * Implement sd_listen_fds in OCaml * Set FD_CLOEXEC in sd_listen_fds * README: add comment about socket paths * Linux systemd scripts: Rename albatross_stat -> albatross_stats
32 lines
870 B
Desktop File
32 lines
870 B
Desktop File
[Unit]
|
|
Description=Albatross VMM daemon (albatrossd)
|
|
Requires=albatross_console.socket albatross_log.socket albatross_daemon.socket
|
|
After=syslog.target albatross_console.service albatross_log.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
# TODO not necessarily needs to be run as root, anything that can solo5-spt/hvt,
|
|
# create tap interfaces should be fine!
|
|
User=root
|
|
ExecStart=/usr/local/sbin/albatrossd --systemd-socket-activation --tmpdir="%t/albatross/" -vv
|
|
#RuntimeDirectoryPreserve=yes
|
|
#RuntimeDirectory=albatross
|
|
PIDFile=%t/albatross/daemon.pid
|
|
|
|
## hardening stuff
|
|
ProtectSystem=full
|
|
ProtectHome=true
|
|
#UMask=0077
|
|
OOMScoreAdjust=-1000
|
|
#AppArmorProfile=
|
|
#SmackProcessLabel=albatross_vmm
|
|
IgnoreSIGPIPE=true
|
|
#SystemCallFilter=~reboot
|
|
#SystemCallFilter=
|
|
#RestrictAddressFamilies=AF_UNIX
|
|
#RuntimeDirectoryMode=0700
|
|
|
|
[Install]
|
|
Also=albatross_daemon.socket
|
|
WantedBy=multi-user.target
|