summarylogtreecommitdiffstats
path: root/prysm-beacon-chain.service
diff options
context:
space:
mode:
Diffstat (limited to 'prysm-beacon-chain.service')
-rw-r--r--prysm-beacon-chain.service23
1 files changed, 22 insertions, 1 deletions
diff --git a/prysm-beacon-chain.service b/prysm-beacon-chain.service
index d2a3b71409eb..6fd8a524e9df 100644
--- a/prysm-beacon-chain.service
+++ b/prysm-beacon-chain.service
@@ -3,9 +3,30 @@ Description=Prysm beacon-chain client
After=network-online.target
[Service]
-ExecStartPre=/usr/bin/mkdir -p /var/lib/prysm/beacon-chain
+DynamicUser=true
ExecStart=/usr/bin/prysm.beacon-chain --datadir=/var/lib/prysm/beacon-chain
Restart=always
+StateDirectory=prysm/beacon-chain
+
+NoNewPrivileges=yes
+CapabilityBoundingSet=
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+
+ProtectSystem=strict
+ProtectClock=yes
+ProtectHome=true
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
[Install]
WantedBy=default.target