diff options
author | Luke Shumaker <lukeshu@lukeshu.com> | 2018-08-31 01:56:41 -0400 |
---|---|---|
committer | Luke Shumaker <lukeshu@lukeshu.com> | 2018-08-31 01:58:37 -0400 |
commit | 895464f92f960725cf45f427dfeefcab9bce224e (patch) | |
tree | 7c8b456d6f6d8ab3a44cd2a8289d7fe934b84fdf | |
parent | 0ce80f13d5122a92eec280365deda0be7e3418da (diff) |
Drop privileges
-rwxr-xr-x | qemu.in | 3 | ||||
-rw-r--r-- | qemu@.service.in | 5 |
2 files changed, 6 insertions, 2 deletions
@@ -7,10 +7,13 @@ numactl=() source "@pkgconfdir@/$1" args+=( -name "$1",debug-threads=on + -runas "$USER" -pidfile "@runstatedir@/qemu-$1/pid" + -vnc unix:"@runstatedir@/qemu-$1/vnc.sock" -monitor unix:"@runstatedir@/qemu-$1/monitor.sock",server,nowait -serial file:"/dev/stdout" + -daemonize ) diff --git a/qemu@.service.in b/qemu@.service.in index 000419e..cc4c925 100644 --- a/qemu@.service.in +++ b/qemu@.service.in @@ -7,10 +7,11 @@ Before=machines.target [Service] Type=notify NotifyAccess=all +DynamicUser=yes RuntimeDirectory=qemu-%I PIDFile=@runstatedir@/qemu-%I/pid -ExecStart=@BINPROG@ %I -ExecStop=@SOCAT@ SYSTEM:'echo system_powerdown; sleep infinity' UNIX-CONNECT:@runstatedir@/qemu-%I/monitor.sock +ExecStart=!@BINPROG@ %I +ExecStop=!@SOCAT@ SYSTEM:'echo system_powerdown; sleep infinity' UNIX-CONNECT:@runstatedir@/qemu-%I/monitor.sock [Install] WantedBy=machines.target |