forked from mirrors/nixpkgs
irqbalance: systemd service config aligned with upstream
Aligned systemd service config with the definition in the upstream repo: https://github.com/Irqbalance/irqbalance/blob/master/misc/irqbalance.service#L7. Other than adding some level of sandboxing it also fixes the "Daemon couldn't be bound to the file-based socket." warning reported on irqbalance startup due to the fact that the "/run/irqbalance" directory didn't exist. The "RuntimeDirectory" property makes sure it gets created. The aforementioned warning didn't cause any problems I could spot though. I have verified that both `irqbalance` as well as `irqbalance-ui` work fine with this new systemd service config.
This commit is contained in:
parent
e96265ebcd
commit
a5ab947003
|
@ -17,8 +17,15 @@ in
|
|||
irqbalance = {
|
||||
description = "irqbalance daemon";
|
||||
path = [ pkgs.irqbalance ];
|
||||
serviceConfig =
|
||||
{ ExecStart = "${pkgs.irqbalance}/bin/irqbalance --foreground"; };
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.irqbalance}/bin/irqbalance --foreground";
|
||||
CapabilityBoundingSet = "";
|
||||
NoNewPrivileges = "yes";
|
||||
ReadOnlyPaths = "/";
|
||||
ReadWritePaths = "/proc/irq";
|
||||
RestrictAddressFamilies = "AF_UNIX";
|
||||
RuntimeDirectory = "irqbalance/";
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue