mirror of https://github.com/xcat2/confluent.git synced 2024-11-29 21:09:32 +00:00
confluent/confluent_server/systemd/confluent.service
Jarrod Johnson 0d5fa7a98a Change confluent to run as non-root and harden systemd
This mitigates a great deal of risk compared to prior behavior.
2020-01-31 09:52:52 -05:00


# IBM(c) 2015 Apache 2.0
# Lenovo(c) 2020 Apache 2.0
# Unit metadata. No After=/Wants= ordering is declared in this section, so
# start-up ordering relies on systemd's default dependencies.
# NOTE(review): if the daemon needs the network up before it binds its
# listeners, that ordering would have to be added here - confirm.
[Unit]
Description=Confluent hardware manager
# Service definition: runs the confluent daemon as an unprivileged account,
# with a single retained capability and a reduced view of devices and the
# file system.
[Service]
# forking: systemd treats start-up as complete once the ExecStart process
# exits and a child keeps running.
Type=forking
# PIDFile is disabled, so systemd has to guess the main PID of the forked
# daemon. NOTE(review): if it is re-enabled, the directory must be writable
# by User=confluent (e.g. via RuntimeDirectory=) - confirm.
#PIDFile=/var/run/confluent/pid
ExecStart=/opt/confluent/bin/confluent
# Stop runs confetty with "shutdown /" under the same User=/Group= as the
# daemon; presumably this asks the running server to exit - verify.
ExecStop=/opt/confluent/bin/confetty shutdown /
# Restart only after an unclean exit (non-zero status, signal, timeout);
# a clean stop is left alone.
Restart=on-failure
# Hands CAP_NET_BIND_SERVICE to the non-root process so it can bind ports
# below 1024 without running as root.
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Dedicated unprivileged account; it must exist before the unit starts and
# must own whatever state the daemon writes.
User=confluent
Group=confluent
# closed: device access limited to the standard pseudo devices (/dev/null,
# /dev/zero, /dev/random, ...) unless DeviceAllow= adds more.
DevicePolicy=closed
# Caps the capabilities any process in this service can ever hold to the one
# granted above, including anything it executes later.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# Private /dev containing only API pseudo devices; physical devices are not
# visible to the service.
PrivateDevices=true
# Makes the control group hierarchy under /sys/fs/cgroup read-only.
ProtectControlGroups=true
# true = /usr and the boot loader directories are mounted read-only. /etc and
# the rest of the tree stay writable; "full" and "strict" are the tighter
# settings. NOTE(review): check which paths confluent writes before raising.
ProtectSystem=true
# NOTE(review): not set here and worth evaluating against what the daemon
# actually needs: NoNewPrivileges=, ProtectHome=, PrivateTmp=,
# ProtectKernelTunables=, ProtectKernelModules=, RestrictAddressFamilies=.
# "systemd-analyze security confluent.service" lists the remaining exposure.
# Installation: "systemctl enable" hooks the unit into multi-user.target, so
# it starts on a normal (non-rescue) boot.
[Install]
WantedBy=multi-user.target