units/systemd-localed.service.in

   1 #  SPDX-License-Identifier: LGPL-2.1-or-later
   2 #
   3 #  This file is part of systemd.
   4 #
   5 #  systemd is free software; you can redistribute it and/or modify it
   6 #  under the terms of the GNU Lesser General Public License as published by
   7 #  the Free Software Foundation; either version 2.1 of the License, or
   8 #  (at your option) any later version.
   9
  10 [Unit]
  11 Description=Locale Service
  12 Documentation=man:systemd-localed.service(8)
  13 Documentation=man:locale.conf(5)
  14 Documentation=man:vconsole.conf(5)
  15 Documentation=man:org.freedesktop.locale1(5)
  16
  17 [Service]
  18 Type=notify
  19 BusName=org.freedesktop.locale1
  20 CapabilityBoundingSet=
  21 ExecStart={{LIBEXECDIR}}/systemd-localed
  22 IPAddressDeny=any
  23 LockPersonality=yes
  24 MemoryDenyWriteExecute=yes
  25 NoNewPrivileges=yes
  26 PrivateDevices=yes
  27 PrivateNetwork=yes
  28 PrivateTmp=yes
  29 ProtectProc=invisible
  30 ProtectControlGroups=yes
  31 ProtectHome=yes
  32 ProtectHostname=yes
  33 ProtectKernelLogs=yes
  34 ProtectKernelModules=yes
  35 ProtectKernelTunables=yes
  36 ProtectSystem=strict
  37 ReadWritePaths=/etc
  38 {% if HAVE_LOCALEGEN %}
  39 ReadWritePaths=/usr/lib/locale
  40 {% endif %}
  41 RestrictAddressFamilies=AF_UNIX
  42 RestrictNamespaces=yes
  43 RestrictRealtime=yes
  44 RestrictSUIDSGID=yes
  45 SystemCallArchitectures=native
  46 SystemCallErrorNumber=EPERM
  47 SystemCallFilter=@system-service
  48 {{SERVICE_WATCHDOG}}