# System-wide systemd unit for the GStreamer Daemon (gstd).
[Unit]
Description=GStreamer Daemon (System)
# Ordering only: After= delays start until network.target has been reached but
# does not pull that target in, and network.target does not mean addresses are
# configured.
# NOTE(review): if GSTD_OPTS binds gstd to a specific non-loopback address,
# Wants=/After=network-online.target may be needed instead — confirm.
After=network.target
Documentation=https://developer.ridgerun.com/wiki/index.php/Gstd
# Runs /usr/bin/gstd as the unprivileged gstd user inside a systemd sandbox.
[Service]
# systemd treats the process started by ExecStart= as the main service process.
Type=simple
# The leading "-" makes the file optional: a missing /etc/conf.d/gstd is not an
# error. Variables set in it override the Environment= lines below.
# NOTE(review): this file supplies GSTD_OPTS, i.e. the daemon's command line,
# so it should be root-owned and not writable by the gstd user or group.
EnvironmentFile=-/etc/conf.d/gstd
# Unbraced $GSTD_OPTS is split on whitespace into zero or more arguments; an
# unset variable expands to nothing.
# NOTE(review): GSTD_OPTS presumably selects the addresses and ports of gstd's
# control interface. This unit sets no IPAddressAllow=/IPAddressDeny= and no
# RestrictAddressFamilies=, so network exposure of that interface is decided
# entirely by /etc/conf.d/gstd — confirm it stays on loopback or a Unix socket
# unless remote control is intended and protected by other means.
ExecStart=/usr/bin/gstd $GSTD_OPTS
# Restart only after an unclean exit (non-zero status, signal, timeout),
# waiting 5 seconds between attempts.
Restart=on-failure
RestartSec=5s
# Dedicated account; the gstd user and group must already exist, this unit
# does not create them.
User=gstd
Group=gstd
# XDG_RUNTIME_DIR fix
# ProtectHome=yes below hides /run/user, and ProtectSystem=strict leaves the
# file system read-only, so the runtime dir, plugin registry and HOME are
# pointed at the writable directories created by RuntimeDirectory=,
# CacheDirectory= and StateDirectory= further down.
Environment=XDG_RUNTIME_DIR=/run/gstd
Environment=GST_REGISTRY=/var/cache/gstd/registry.bin
Environment=HOME=/var/lib/gstd
# VM/Headless compatibility
# NOTE(review): "none" could not be confirmed as a recognised value for
# GST_GL_WINDOW / GST_GL_PLATFORM; presumably it is meant to keep GStreamer GL
# elements from opening a display — verify against the installed GStreamer.
Environment=GST_GL_WINDOW=none
Environment=GST_GL_PLATFORM=none
# Ask Mesa for software rendering instead of a hardware GL driver.
Environment=LIBGL_ALWAYS_SOFTWARE=1
# Scan plugins in the daemon process rather than in a forked helper.
Environment=GST_REGISTRY_FORK=no
# Security settings
# NOTE(review): not set here and worth evaluating for this service:
# LockPersonality=, ProtectKernelLogs=, ProtectHostname=,
# SystemCallArchitectures=native, SystemCallFilter=, CapabilityBoundingSet=.
# Device access is also unrestricted (no PrivateDevices=/DevicePolicy=),
# presumably because capture and audio devices are needed; a closed
# DevicePolicy= with explicit DeviceAllow= entries would narrow it — confirm
# which device classes gstd needs. "systemd-analyze security" on this unit
# lists the remaining exposure.
# No privilege gain through setuid/setgid binaries or file capabilities.
NoNewPrivileges=yes
# Private /tmp and /var/tmp, not shared with other processes.
PrivateTmp=yes
# Whole file system hierarchy read-only except /dev, /proc and /sys; the
# *Directory= settings below provide the only writable paths.
ProtectSystem=strict
# /home, /root and /run/user are inaccessible and appear empty.
ProtectHome=yes
# Kernel variables under /proc and /sys are read-only.
ProtectKernelTunables=yes
# No explicit kernel module loading or unloading.
ProtectKernelModules=yes
# Control group hierarchy is read-only.
ProtectControlGroups=yes
# The service cannot create or enter namespaces of any type.
RestrictNamespaces=yes
# No realtime scheduling policies.
RestrictRealtime=yes
# Setting the set-user-ID / set-group-ID bits on files is denied.
RestrictSUIDSGID=yes
# System V and POSIX IPC objects owned by the service user and group are
# removed when the service stops.
RemoveIPC=yes
# Denies memory mappings that are writable and executable at once, and making
# existing mappings executable.
# NOTE(review): this is incompatible with code generated at runtime. GStreamer
# builds that use ORC or other JIT-style plugins may fall back to slower paths
# or fail — confirm the pipelines in use still work with this enabled.
MemoryDenyWriteExecute=yes
# Allow multimedia access
# Adds the audio and video groups to the process, which typically grants
# access to the sound and capture device nodes owned by those groups.
SupplementaryGroups=audio video
# Directory management
# systemd creates /run/gstd, /var/lib/gstd, /var/cache/gstd and /var/log/gstd,
# owned by User=/Group=, and keeps them writable despite ProtectSystem=strict.
# Mode 0750 lets members of the gstd group read and traverse them.
# NOTE(review): /run/gstd is also XDG_RUNTIME_DIR, for which the XDG Base
# Directory specification requires mode 0700; keep 0750 only if group members
# must reach sockets or files there, otherwise tighten it.
RuntimeDirectory=gstd
RuntimeDirectoryMode=0750
StateDirectory=gstd
StateDirectoryMode=0750
CacheDirectory=gstd
CacheDirectoryMode=0750
LogsDirectory=gstd
LogsDirectoryMode=0750
# Timeouts
# On stop, SIGTERM goes to the main process only (KillMode=mixed); after 10
# seconds every process still left in the unit's control group gets SIGKILL.
TimeoutStopSec=10s
KillMode=mixed
KillSignal=SIGTERM
# Enabling the unit hooks it into multi-user.target so it starts at boot.
[Install]
WantedBy=multi-user.target