18728a7601
- console creates the run directories (albatross albatross/fifo albatross/util) -> log depends on console - albatross/fifo needs special permission (albatross_daemon creates fifo there, albatross_console needs to read them) - use /var/lib/albatross/albatross.log for the log file - only require root in albatross_daemon, use user albatross in albatross_console and albatross_log - defer albatross_stat for now
31 lines
791 B
Desktop File
31 lines
791 B
Desktop File
[Unit]
|
|
Description=Albatross VMM daemon (albatrossd)
|
|
Requires=albatross_console.service albatross_log.service
|
|
After=syslog.target albatross_console.service albatross_log.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
# TODO not necessarily needs to be run as root, anything that can solo5-spt/hvt,
|
|
# create tap interfaces should be fine!
|
|
User=root
|
|
ExecStart=/usr/local/sbin/albatrossd --tmpdir="%t/albatross/" -vv
|
|
#RuntimeDirectoryPreserve=yes
|
|
#RuntimeDirectory=albatross
|
|
PIDFile=%t/albatross/daemon.pid
|
|
|
|
## hardening stuff
|
|
ProtectSystem=full
|
|
ProtectHome=true
|
|
#UMask=0077
|
|
OOMScoreAdjust=-1000
|
|
#AppArmorProfile=
|
|
#SmackProcessLabel=albatross_vmm
|
|
IgnoreSIGPIPE=true
|
|
#SystemCallFilter=~reboot
|
|
#SystemCallFilter=
|
|
#RestrictAddressFamilies=AF_UNIX
|
|
#RuntimeDirectoryMode=0700
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|