diff options
Diffstat (limited to 'falco-modern-bpf.service')
| -rw-r--r-- | falco-modern-bpf.service | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/falco-modern-bpf.service b/falco-modern-bpf.service new file mode 100644 index 000000000000..493085eda408 --- /dev/null +++ b/falco-modern-bpf.service @@ -0,0 +1,25 @@ +[Unit] +Description=Falco: Cloud Native Runtime Security +Documentation=https://falco.org/docs/ + +[Service] +Type=simple +User=root +ExecStart=/usr/bin/falco -o engine.kind=modern_ebpf +ExecReload=kill -1 $MAINPID +UMask=0077 +TimeoutSec=30 +RestartSec=15s +Restart=on-failure +PrivateTmp=true +NoNewPrivileges=yes +ProtectHome=read-only +ProtectSystem=full +ProtectKernelTunables=true +RestrictRealtime=true +RestrictAddressFamilies=~AF_PACKET +StandardOutput=null + +[Install] +WantedBy=multi-user.target +Alias=falco.service |