haveged module: clean up service configuration (#18513)
Switches from the forking service type to simple by running haveged in the foreground. Also restricts the execution environment a bit (these are inspired by the Debian service file).
This commit is contained in:
parent
87ee2736ce
commit
b023e8f303
@ -48,14 +48,18 @@ in
|
||||
{ description = "Entropy Harvesting Daemon";
|
||||
unitConfig.Documentation = "man:haveged(8)";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
|
||||
path = [ pkgs.haveged ];
|
||||
|
||||
serviceConfig =
|
||||
{ Type = "forking";
|
||||
ExecStart = "${pkgs.haveged}/sbin/haveged -w ${toString cfg.refill_threshold} -v 1";
|
||||
PIDFile = "/run/haveged.pid";
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.haveged}/bin/haveged -F -w ${toString cfg.refill_threshold} -v 1";
|
||||
SuccessExitStatus = 143;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
PrivateNetwork = true;
|
||||
ProtectSystem = "full";
|
||||
ProtectHome = true;
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user