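# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.

# Unit template for the journal-remote receiver ("sink"). The {{...}} tokens
# look like build-time placeholders substituted before the unit is installed.

[Unit]
Description=Journal Remote Sink Service
Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
# The listening socket belongs to the .socket unit and is handed to this
# service; the service itself never binds an address (see ExecStart=).
Requires=systemd-journal-remote.socket

[Service]
# --listen-https=-3: a negative value names an inherited file descriptor
# (fd 3, the first socket passed by socket activation), not an address.
# --output= points at the directory that LogsDirectory= below creates.
ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/
# Sandboxing: the daemon parses log data sent by remote hosts, so it runs
# unprivileged, with a read-only file system view and no access to devices,
# kernel tunables, modules, the kernel log, the clock or the hostname.
LockPersonality=yes
# ProtectSystem=strict (below) makes the file system read-only for the
# service; LogsDirectory= creates /var/log/journal/remote owned by User= and
# keeps that one path writable.
LogsDirectory=journal/remote
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
# Only a private loopback exists inside the service's network namespace.
# Clients are still served because connections arrive on the socket inherited
# from the .socket unit. A drop-in that makes the daemon bind an address
# itself, or pull from a remote URL, would need this setting relaxed.
PrivateNetwork=yes
PrivateTmp=yes
ProtectProc=invisible
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
# Allow-list of socket families: local IPC plus IPv4/IPv6 for the listener.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
# Dedicated unprivileged account. Any TLS key or certificate file referenced
# from journal-remote.conf(5) must be readable by this account.
User=systemd-journal-remote
# Placeholder for the project's watchdog setting (presumably a WatchdogSec=
# line; confirm against the build templates).
{{SERVICE_WATCHDOG}}

# If there are many split up journal files we need a lot of fds to access them
# all in parallel.
LimitNOFILE={{HIGH_RLIMIT_NOFILE}}

[Install]
# Enabling or disabling this service also enables or disables the socket unit.
Also=systemd-journal-remote.socket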