caleno/ghost-node
1
0
Fork 0
mirror of https://git.ghostchain.io/proxmio/ghost-node.git synced 2025-12-27 11:19:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

more or less working version, enough to get started

Browse Source 
Signed-off-by: Uncle Stinky <uncle.stinky@ghostchain.io>
This commit is contained in:
Uncle Stinky
2024-10-07 20:36:11 +03:00
parent ba848bd479
commit 7b59411e5f
3 changed files with 314 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/packaging/template.service
View File

@@ -7,10 +7,9 @@ Documentation=https://git.ghostchain.io/ghostchain/ghost-node
EnvironmentFile=-/etc/default/ghost
ExecStart=/usr/bin/ghost $GHOST_CLI_ARGS
User=ghost
Group=ghost
Restart=always
RestartSec=30
TODO CapabilityBoundingSet=
CapabilityBoundingSet=
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=true
@@ -22,10 +21,10 @@ ProtectControlGroups=true
ProtectHostname=true
ProtectKernelModules=true
ProtectKernelTunables=true
TODO ProtectSystem=strict
ProtectSystem=strict
RemoveIPC=true
TODO RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
gRestrictNamespaces=false
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictNamespaces=false
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service