systemd.collectd.service: backport changes from master branch

author Marc Fournier <marc.fournier@camptocamp.com>

Wed, 14 Oct 2015 06:50:28 +0000 (08:50 +0200)

committer Marc Fournier <marc.fournier@camptocamp.com>

Wed, 14 Oct 2015 06:50:28 +0000 (08:50 +0200)
author Marc Fournier <marc.fournier@camptocamp.com>
Wed, 14 Oct 2015 06:50:28 +0000 (08:50 +0200)
committer Marc Fournier <marc.fournier@camptocamp.com>
Wed, 14 Oct 2015 06:50:28 +0000 (08:50 +0200)
diff --git a/contrib/systemd.collectd.service b/contrib/systemd.collectd.service

index b046192..0e758e4 100644 (file)
--- a/contrib/systemd.collectd.service
+++ b/contrib/systemd.collectd.service
@@ -5,19 +5,26 @@ Requires=local-fs.target network.target
  
  [Service]
  ExecStart=/usr/sbin/collectd
+EnvironmentFile=-/etc/sysconfig/collectd
+EnvironmentFile=-/etc/default/collectd
+ProtectSystem=full
+ProtectHome=true
+
+# drop all capabilities:
+CapabilityBoundingSet=
+# use this instead if you use the dns or ping plugin
+#CapabilityBoundingSet=CAP_NET_RAW
+# turn this on if you use the iptables next to the dns or ping plugin
+#CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
+
+NoNewPrivileges=true
  
  # Tell systemd it will receive a notification from collectd over it's control
  # socket once the daemon is ready. See systemd.service(5) for more details.
  Type=notify
-NotifyAccess=main
  
  # Restart the collectd daemon after a 10 seconds delay, in case it crashes.
-Restart=always
-RestartSec=10
-
-# Send all console messages to syslog.
-StandardOutput=syslog
-StandardError=syslog
+Restart=on-failure
  
  [Install]
  WantedBy=multi-user.target
author	Marc Fournier <marc.fournier@camptocamp.com>
	Wed, 14 Oct 2015 06:50:28 +0000 (08:50 +0200)
committer	Marc Fournier <marc.fournier@camptocamp.com>
	Wed, 14 Oct 2015 06:50:28 +0000 (08:50 +0200)