1# SPDX-License-Identifier: LGPL-2.1-or-later 2# 3# This file is part of systemd. 4# 5# systemd is free software; you can redistribute it and/or modify it 6# under the terms of the GNU Lesser General Public License as published by 7# the Free Software Foundation; either version 2.1 of the License, or 8# (at your option) any later version. 9 10[Unit] 11Description=Locale Service 12Documentation=man:systemd-localed.service(8) 13Documentation=man:locale.conf(5) 14Documentation=man:vconsole.conf(5) 15Documentation=man:org.freedesktop.locale1(5) 16 17[Service] 18BusName=org.freedesktop.locale1 19CapabilityBoundingSet= 20ExecStart={{ROOTLIBEXECDIR}}/systemd-localed 21IPAddressDeny=any 22LockPersonality=yes 23MemoryDenyWriteExecute=yes 24NoNewPrivileges=yes 25PrivateDevices=yes 26PrivateNetwork=yes 27PrivateTmp=yes 28ProtectProc=invisible 29ProtectControlGroups=yes 30ProtectHome=yes 31ProtectHostname=yes 32ProtectKernelLogs=yes 33ProtectKernelModules=yes 34ProtectKernelTunables=yes 35ProtectSystem=strict 36ReadWritePaths=/etc 37{% if HAVE_LOCALEGEN %} 38ReadWritePaths=/usr/lib/locale 39{% endif %} 40RestrictAddressFamilies=AF_UNIX 41RestrictNamespaces=yes 42RestrictRealtime=yes 43RestrictSUIDSGID=yes 44SystemCallArchitectures=native 45SystemCallErrorNumber=EPERM 46SystemCallFilter=@system-service 47{{SERVICE_WATCHDOG}} 48