Mini Shell
[Unit]
Description=Low Memory Monitor
ConditionPathExists=/proc/pressure
After=sysinit.target
[Service]
ExecStart=/usr/libexec/low-memory-monitor
Restart=on-failure
#Uncomment this to enable debug
#Environment="G_MESSAGES_DEBUG=all"
CPUSchedulingPolicy=fifo
CPUSchedulingPriority=1
# Filesystem lockdown
ProtectSystem=strict
PrivateDevices=true
ProtectControlGroups=true
ProtectHome=true
PrivateTmp=true
# Network
PrivateNetwork=true
RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
# Execute Mappings
MemoryDenyWriteExecute=true
# Modules
ProtectKernelModules=true
# Real-time
RestrictRealtime=true
# Privilege escalation
NoNewPrivileges=true
[Install]
WantedBy=basic.target
Zerion Mini Shell 1.0