1# SPDX-License-Identifier: LGPL-2.1-or-later 2# 3# This file is part of systemd. 4# 5# systemd is free software; you can redistribute it and/or modify it 6# under the terms of the GNU Lesser General Public License as published by 7# the Free Software Foundation; either version 2.1 of the License, or 8# (at your option) any later version. 9 10[Unit] 11Description=Process Core Dump 12Documentation=man:systemd-coredump(8) 13DefaultDependencies=no 14Conflicts=shutdown.target 15After=systemd-journald.socket 16Requires=systemd-journald.socket 17Before=shutdown.target 18 19[Service] 20ExecStart=-{{ROOTLIBEXECDIR}}/systemd-coredump 21IPAddressDeny=any 22LockPersonality=yes 23MemoryDenyWriteExecute=yes 24Nice=9 25NoNewPrivileges=yes 26OOMScoreAdjust=500 27PrivateDevices=yes 28PrivateNetwork=yes 29PrivateTmp=yes 30ProtectControlGroups=yes 31ProtectHome=yes 32ProtectHostname=yes 33ProtectKernelModules=yes 34ProtectKernelTunables=yes 35ProtectKernelLogs=yes 36ProtectSystem=strict 37RestrictAddressFamilies=AF_UNIX 38RestrictRealtime=yes 39RestrictSUIDSGID=yes 40RuntimeMaxSec=5min 41StateDirectory=systemd/coredump 42SystemCallArchitectures=native 43SystemCallErrorNumber=EPERM 44SystemCallFilter=@system-service @mount 45