summarylogtreecommitdiffstats
path: root/prysm-slasher.service
diff options
context:
space:
mode:
Diffstat (limited to 'prysm-slasher.service')
-rw-r--r--prysm-slasher.service33
1 files changed, 33 insertions, 0 deletions
diff --git a/prysm-slasher.service b/prysm-slasher.service
new file mode 100644
index 000000000000..15b9107b2759
--- /dev/null
+++ b/prysm-slasher.service
@@ -0,0 +1,33 @@
+[Unit]
+Description=Prysm slasher
+After=network-online.target
+
+[Service]
+DynamicUser=true
+ExecStart=/usr/bin/prysm.slasher --datadir=/var/lib/prysm/slasher
+Restart=always
+StateDirectory=prysm/slasher
+
+NoNewPrivileges=yes
+CapabilityBoundingSet=
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+
+ProtectSystem=strict
+ProtectClock=yes
+ProtectHome=true
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
+[Install]
+WantedBy=default.target