From 4fd7396fb96498b3dc1ef95361b6b0f0c7e125c3 Mon Sep 17 00:00:00 2001 From: Marc Fournier Date: Wed, 14 Oct 2015 08:50:28 +0200 Subject: [PATCH] systemd.collectd.service: backport changes from master branch --- contrib/systemd.collectd.service | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/contrib/systemd.collectd.service b/contrib/systemd.collectd.service index b046192b..0e758e40 100644 --- a/contrib/systemd.collectd.service +++ b/contrib/systemd.collectd.service @@ -5,19 +5,26 @@ Requires=local-fs.target network.target [Service] ExecStart=/usr/sbin/collectd +EnvironmentFile=-/etc/sysconfig/collectd +EnvironmentFile=-/etc/default/collectd +ProtectSystem=full +ProtectHome=true + +# drop all capabilities: +CapabilityBoundingSet= +# use this instead if you use the dns or ping plugin +#CapabilityBoundingSet=CAP_NET_RAW +# turn this on if you use the iptables next to the dns or ping plugin +#CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN + +NoNewPrivileges=true # Tell systemd it will receive a notification from collectd over it's control # socket once the daemon is ready. See systemd.service(5) for more details. Type=notify -NotifyAccess=main # Restart the collectd daemon after a 10 seconds delay, in case it crashes. -Restart=always -RestartSec=10 - -# Send all console messages to syslog. -StandardOutput=syslog -StandardError=syslog +Restart=on-failure [Install] WantedBy=multi-user.target -- 2.11.0